VYPR

Vendor CVEs

Cisco Systems, Inc.

All CVEs

7,228 total · sorted by risk
  • CVE-2013-5498Sep 27, 2013
    risk 0.00cvss epss 0.02

    The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963.

  • CVE-2012-1313Sep 27, 2013
    risk 0.00cvss epss 0.00

    The remote debug shell on the PALO adapter card in Cisco Unified Computing System (UCS) allows local users to gain privileges via malformed show-macstats parameters, aka Bug ID CSCub13772.

  • CVE-2013-5481Sep 27, 2013
    risk 0.00cvss epss 0.02

    The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817.

  • CVE-2013-5480Sep 27, 2013
    risk 0.00cvss epss 0.01

    The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733.

  • CVE-2013-5479Sep 27, 2013
    risk 0.00cvss epss 0.02

    The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730.

  • CVE-2013-5478Sep 27, 2013
    risk 0.00cvss epss 0.02

    Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023.

  • CVE-2013-5477Sep 27, 2013
    risk 0.00cvss epss 0.02

    The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465.

  • CVE-2013-5476Sep 27, 2013
    risk 0.00cvss epss 0.02

    The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID CSCtx56174.

  • CVE-2013-5475Sep 27, 2013
    risk 0.00cvss epss 0.02

    Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID CSCug31561.

  • CVE-2013-5474Sep 27, 2013
    risk 0.00cvss epss 0.01

    Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug ID CSCud64812.

  • CVE-2013-5473Sep 27, 2013
    risk 0.00cvss epss 0.02

    Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed IKEv1 packets, aka Bug ID CSCtx66011.

  • CVE-2013-5472Sep 27, 2013
    risk 0.00cvss epss 0.02

    The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of service (device reload) by…

  • CVE-2012-4088Sep 26, 2013
    risk 0.00cvss epss 0.01

    The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowledge of this password, aka Bug ID CSCtg20769.

  • CVE-2012-4092Sep 26, 2013
    risk 0.00cvss epss 0.01

    The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attackers to read or modify an inter-device data stream by spoofing an identity, aka Bug…

  • CVE-2012-4079Sep 26, 2013
    risk 0.00cvss epss 0.01

    The XML API service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service (API service outage) via a malformed XML document in a packet, aka Bug ID CSCtg48206.

  • CVE-2012-4086Sep 25, 2013
    risk 0.00cvss epss 0.03

    A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20790.

  • CVE-2012-4094Sep 24, 2013
    risk 0.00cvss epss 0.02

    Buffer overflow in the Smart Call Home feature in the fabric interconnect in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service by reading and forging control messages associated with Smart Call Home reports, aka Bug ID CSCtl00198.

  • CVE-2012-4089Sep 24, 2013
    risk 0.00cvss epss 0.00

    MCTOOLS in the fabric interconnect in Cisco Unified Computing System (UCS) allows local users to execute arbitrary Baseboard Management Controller (BMC) commands by leveraging (1) local, (2) shell-level, or (3) debug-level privileges at the operating-system layer, aka Bug ID…

  • CVE-2012-4087Sep 24, 2013
    risk 0.00cvss epss 0.02

    A cluster setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20793.

  • CVE-2012-4085Sep 24, 2013
    risk 0.00cvss epss 0.02

    The Intelligent Platform Management Interface (IPMI) implementation in the Blade Management Controller in Cisco Unified Computing System (UCS) allows remote attackers to enumerate valid usernames by observing IPMI interface responses, aka Bug ID CSCtg20761.

  • CVE-2012-4078Sep 24, 2013
    risk 0.00cvss epss 0.04

    The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape sequences, which allows remote authenticated users to bypass an unspecified authentication step via SSH port forwarding, aka Bug ID CSCtg17656.

  • CVE-2013-5502Sep 23, 2013
    risk 0.00cvss epss 0.01

    The web interface in Cisco MediaSense does not properly protect the client-server communication channel, which allows remote attackers to obtain sensitive query string or cookie information via unspecified vectors, aka Bug ID CSCuj23344.

  • CVE-2013-5490Sep 23, 2013
    risk 0.00cvss epss 0.02

    Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148.

  • CVE-2013-5487Sep 23, 2013
    risk 0.00cvss epss 0.02

    DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCue77029.

  • CVE-2013-3473Sep 20, 2013
    risk 0.00cvss epss 0.02

    The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance before 9.1.1 does not properly determine the existence of an authenticated session, which allows remote attackers to discover usernames and passwords via an HTTP request, aka Bug ID…

  • CVE-2012-4082Sep 20, 2013
    risk 0.00cvss epss 0.00

    MCTools in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to gain privileges by entering crafted command-line parameters on a Fabric Interconnect device, aka Bug ID CSCtg20749.

  • CVE-2012-4081Sep 20, 2013
    risk 0.00cvss epss 0.00

    MCServer in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (application crash) via invalid MCTools parameters, aka Bug ID CSCtg20734.

  • CVE-2013-5501Sep 20, 2013
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the oraservice page in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj23328.

  • CVE-2013-5500Sep 20, 2013
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the oraadmin service page in Cisco MediaSense allow remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuj23320, CSCuj23324, CSCuj23333, and CSCuj23338.

  • CVE-2013-1130Sep 20, 2013
    risk 0.00cvss epss 0.01

    Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619.

  • CVE-2012-4093Sep 20, 2013
    risk 0.00cvss epss 0.00

    The Manager component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via an invalid Smart Call Home contact address, aka Bug ID CSCtl00186.

  • CVE-2012-4083Sep 20, 2013
    risk 0.00cvss epss 0.02

    Multiple buffer overflows in the administrative web interface in Cisco Unified Computing System (UCS) allow remote authenticated users to cause a denial of service (memory corruption and session termination) via long string values for unspecified parameters, aka Bug ID…

  • CVE-2012-4074Sep 20, 2013
    risk 0.00cvss epss 0.01

    The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obtain sensitive information or modify the data stream by leveraging knowledge of…

  • CVE-2012-4073Sep 20, 2013
    risk 0.00cvss epss 0.01

    The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332.

  • CVE-2012-4072Sep 20, 2013
    risk 0.00cvss epss 0.01

    The KVM subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers, and read keyboard and mouse events, by leveraging knowledge of this certificate's private key, aka Bug ID CSCte90327.

  • CVE-2013-5497Sep 19, 2013
    risk 0.00cvss epss 0.02

    The authentication manager process in the web framework in Cisco Intrusion Prevention System (IPS) does not properly handle user tokens, which allows remote attackers to cause a denial of service (intermittent MainApp hang) via a crafted management-interface connection request,…

  • CVE-2013-1121Sep 19, 2013
    risk 0.00cvss epss 0.01

    The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554.

  • CVE-2013-5496Sep 16, 2013
    risk 0.00cvss epss 0.02

    Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551.

  • CVE-2013-5494Sep 16, 2013
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified MeetingPlace Solution, as used in Unified MeetingPlace Web Conferencing and Unified MeetingPlace, allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCui45209…

  • CVE-2013-5495Sep 16, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the web framework in the Application Server in Cisco Unified MeetingPlace allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui44681.

  • CVE-2013-5493Sep 13, 2013
    risk 0.00cvss epss 0.00

    The diagnostic module in the firmware on Cisco Virtualization Experience Client 6000 devices allows local users to bypass intended access restrictions and execute arbitrary commands via unspecified vectors, aka Bug ID CSCug68407.

  • CVE-2013-5492Sep 13, 2013
    risk 0.00cvss epss 0.01

    administration.jsp in Cisco SocialMiner allows remote attackers to obtain sensitive information by sniffing the network for HTTP client-server traffic, aka Bug ID CSCuh76780.

  • CVE-2013-5489Sep 13, 2013
    risk 0.00cvss epss 0.01

    The gadget implementation in Cisco SocialMiner does not properly restrict the content of GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID…

  • CVE-2013-5482Sep 13, 2013
    risk 0.00cvss epss 0.01

    Cisco Prime LAN Management Solution (LMS) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug…

  • CVE-2013-5488Sep 12, 2013
    risk 0.00cvss epss 0.02

    Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of…

  • CVE-2013-3446Sep 12, 2013
    risk 0.00cvss epss 0.01

    Open redirect vulnerability in the login page in Cisco Digital Media Manager (DMM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCub23849.

  • CVE-2013-5483Sep 8, 2013
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in bookmarklet.jsp in Cisco SocialMiner allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh73868.

  • CVE-2013-3458Sep 8, 2013
    risk 0.00cvss epss 0.01

    Cisco Adaptive Security Appliances (ASA) devices, when SMP is used, do not properly process X.509 certificates, which allows remote attackers to cause a denial of service (device crash) via a large volume of (1) SSL or (2) TLS traffic, aka Bug ID CSCuh19462.

  • CVE-2013-1228Sep 6, 2013
    risk 0.00cvss epss 0.00

    Cisco Jabber on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify the client-server data stream via a crafted certificate, aka Bug ID CSCug30280.

  • CVE-2013-1119Sep 6, 2013
    risk 0.00cvss epss 0.03

    Buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DHT index value in JPEG data…

Page 120 of 145