Vendor CVEs
Cisco Systems, Inc.
All CVEs
7,230 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-1228 | 0.00 | — | 0.00 | Sep 6, 2013 | Cisco Jabber on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify the client-server data stream via a crafted certificate, aka Bug ID CSCug30280. | |||
| CVE-2013-1119 | 0.00 | — | 0.03 | Sep 6, 2013 | Buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DHT index value in JPEG data… | |||
| CVE-2013-1118 | 0.00 | — | 0.03 | Sep 6, 2013 | Stack-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCuc27645. | |||
| CVE-2013-1117 | 0.00 | — | 0.03 | Sep 6, 2013 | Buffer overflow in the exception handler in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF… | |||
| CVE-2013-1116 | 0.00 | — | 0.03 | Sep 6, 2013 | Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted ARF file, aka… | |||
| CVE-2013-1115 | 0.00 | — | 0.03 | Sep 6, 2013 | Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ARF file, aka Bug… | |||
| CVE-2012-5990 | 0.00 | — | 0.02 | Sep 6, 2013 | Multiple cross-site scripting (XSS) vulnerabilities in Health Monitor Login pages in Cisco Prime Network Control System (NCS) and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud18375. | |||
| CVE-2013-5471 | 0.00 | — | 0.01 | Sep 5, 2013 | Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Global Site Selector (GSS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh42164. | |||
| CVE-2013-5470 | 0.00 | — | 0.02 | Sep 4, 2013 | Cisco Secure Access Control System (ACS) does not properly handle requests to read from the TACACS+ socket, which allows remote attackers to cause a denial of service (process crash) via malformed TCP packets, aka Bug ID CSCuh12488. | |||
| CVE-2013-3469 | 0.00 | — | 0.02 | Sep 4, 2013 | Cisco Mobility Services Engine does not properly set up the Oracle SSL service, which allows remote attackers to obtain an unauthenticated session to the database-replication port, and consequently obtain sensitive information, via an SSL connection, aka Bug ID CSCue50794. | |||
| CVE-2013-5469 | 0.00 | — | 0.02 | Aug 30, 2013 | The TCP implementation in Cisco IOS does not properly implement the transitions from the ESTABLISHED state to the CLOSED state, which allows remote attackers to cause a denial of service (flood of ACK packets) via a crafted series of ACK and FIN packets, aka Bug ID CSCtz14399. | |||
| CVE-2013-3474 | 0.00 | — | 0.01 | Aug 30, 2013 | The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or Lobby Ambassador managers group,… | |||
| CVE-2013-3470 | 0.00 | — | 0.03 | Aug 30, 2013 | The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731. | |||
| CVE-2013-3467 | 0.00 | — | 0.00 | Aug 30, 2013 | Memory leak in the CLI component on Cisco Unified Computing System (UCS) 6100 Fabric Interconnect devices, in certain situations that lack a SPAN session, allows local users to cause a denial of service (memory consumption and device reset) via a (1) "show monitor session all"… | |||
| CVE-2013-3463 | 0.00 | — | 0.02 | Aug 30, 2013 | The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service (connection-table exhaustion) via crafted requests that use an inspected protocol, aka Bug… | |||
| CVE-2012-5744 | 0.00 | — | 0.01 | Aug 30, 2013 | Multiple cross-site scripting (XSS) vulnerabilities in the guest portal in Cisco Identity Services Engine (ISE) Software allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCud11139 and CSCug02904. | |||
| CVE-2013-3472 | 0.00 | — | 0.01 | Aug 29, 2013 | Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications, aka Bug ID CSCui58210. | |||
| CVE-2013-3471 | 0.00 | — | 0.01 | Aug 29, 2013 | The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515. | |||
| CVE-2013-3468 | 0.00 | — | 0.03 | Aug 29, 2013 | The Cisco Unified IP Phone 8945 with software 9.3(2) allows remote attackers to cause a denial of service (device hang) via a malformed PNG file, aka Bug ID CSCud04270. | |||
| CVE-2013-3466 | 0.00 | — | 0.05 | Aug 29, 2013 | The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST… | |||
| CVE-2013-3462 | 0.00 | — | 0.03 | Aug 25, 2013 | Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Bug ID CSCud54358. | |||
| CVE-2013-3461 | 0.00 | — | 0.01 | Aug 25, 2013 | Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a… | |||
| CVE-2013-3460 | 0.00 | — | 0.02 | Aug 25, 2013 | Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka Bug ID CSCub85597. | |||
| CVE-2013-3459 | 0.00 | — | 0.01 | Aug 25, 2013 | Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466. | |||
| CVE-2013-3390 | 0.00 | — | 0.01 | Aug 25, 2013 | Memory leak in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug ID CSCub59158. | |||
| CVE-2013-3389 | 0.00 | — | 0.01 | Aug 25, 2013 | Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets to port (1) 61615 or (2) 61616, aka Bug ID CSCtz90114. | |||
| CVE-2013-3388 | 0.00 | — | 0.02 | Aug 25, 2013 | Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets to port 44444, aka Bug ID CSCtz92776. | |||
| CVE-2013-3387 | 0.00 | — | 0.01 | Aug 25, 2013 | Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (disk consumption) via a flood of TCP packets to port 5400, leading to large error-log files, aka Bug ID CSCua42724. | |||
| CVE-2013-3453 | 0.00 | — | 0.02 | Aug 22, 2013 | Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or… | |||
| CVE-2013-3464 | 0.00 | — | 0.00 | Aug 13, 2013 | Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload) by starting an outbound flood of large ICMP Echo Request packets and stopping this with a CTRL-C sequence, aka Bug ID CSCui60347. | |||
| CVE-2013-3457 | 0.00 | — | 0.02 | Aug 12, 2013 | Absolute path traversal vulnerability in the web interface in Cisco Finesse allows remote attackers to read directory contents via a direct request to a directory URL, aka Bug ID CSCug16772. | |||
| CVE-2013-3455 | 0.00 | — | 0.02 | Aug 12, 2013 | Cisco Finesse allows remote attackers to obtain sensitive information by sniffing the network for HTTP query data, aka Bug ID CSCug16732. | |||
| CVE-2013-3454 | 0.00 | — | 0.02 | Aug 8, 2013 | Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform… | |||
| CVE-2013-3451 | 0.00 | — | 0.01 | Aug 5, 2013 | Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug ID CSCui13033. | |||
| CVE-2013-3450 | 0.00 | — | 0.01 | Aug 5, 2013 | Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028. | |||
| CVE-2013-3442 | 0.00 | — | 0.01 | Aug 5, 2013 | The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854. | |||
| CVE-2013-0149 | 0.00 | — | 0.02 | Aug 5, 2013 | The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations… | |||
| CVE-2013-3448 | 0.00 | — | 0.01 | Aug 2, 2013 | Cisco WebEx Meetings Server does not check whether a user account is active, which allows remote authenticated users to bypass intended access restrictions by performing meeting operations after account deactivation, aka Bug ID CSCuh33315. | |||
| CVE-2013-1190 | 0.00 | — | 0.01 | Aug 2, 2013 | The C-Series Rack Server component 1.4 in Cisco Unified Computing System (UCS) does not properly restrict inbound access to ports, which allows remote attackers to cause a denial of service (Integrated Management Controller reboot or hang) via crafted packets, as demonstrated by… | |||
| CVE-2013-3444 | 0.00 | — | 0.04 | Aug 1, 2013 | The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before 2.5.6; Cisco CDS-IS Software 2.x before 2.6.3.b50 and 3.1.x before 3.1.2b54;… | |||
| CVE-2013-3443 | 0.00 | — | 0.06 | Aug 1, 2013 | The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh26626. | |||
| CVE-2012-3913 | 0.00 | — | 0.01 | Aug 1, 2013 | The Cisco VC220 and VC240 cameras allow remote attackers to cause a denial of service (WebUI outage) via crafted packets, aka Bug IDs CSCtf73188, CSCtf88059, CSCtf87951, CSCtf87908, and CSCtf88019. | |||
| CVE-2013-3425 | 0.00 | — | 0.01 | Jul 31, 2013 | The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to enumerate files via a series of SPI calls, aka Bug ID CSCuc35965. | |||
| CVE-2013-3445 | 0.00 | — | 0.03 | Jul 29, 2013 | The firewall subsystem in Cisco Identity Services Engine has an incorrect rule for open ports, which allows remote attackers to cause a denial of service (CPU consumption or process crash) via a flood of malformed IP packets, aka Bug ID CSCug94572. | |||
| CVE-2013-3414 | 0.00 | — | 0.02 | Jul 25, 2013 | Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080. | |||
| CVE-2013-3438 | 0.00 | — | 0.01 | Jul 24, 2013 | The web framework in the server in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to bypass intended access restrictions and read unspecified web pages via crafted parameters, aka Bug ID CSCuh86385. | |||
| CVE-2013-3440 | 0.00 | — | 0.01 | Jul 23, 2013 | Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186. | |||
| CVE-2013-3439 | 0.00 | — | 0.02 | Jul 23, 2013 | Cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182. | |||
| CVE-2013-3441 | 0.00 | — | 0.02 | Jul 23, 2013 | Cisco Aironet 3600 access points allow remote attackers to cause a denial of service (memory corruption and device crash) by disrupting Cisco Wireless LAN Controller communication and consequently forcing many transitions from FlexConnect mode to Standalone mode, aka Bug ID… | |||
| CVE-2013-3437 | 0.00 | — | 0.01 | Jul 23, 2013 | SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179. |
- CVE-2013-1228Sep 6, 2013risk 0.00cvss —epss 0.00
Cisco Jabber on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify the client-server data stream via a crafted certificate, aka Bug ID CSCug30280.
- CVE-2013-1119Sep 6, 2013risk 0.00cvss —epss 0.03
Buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DHT index value in JPEG data…
- CVE-2013-1118Sep 6, 2013risk 0.00cvss —epss 0.03
Stack-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCuc27645.
- CVE-2013-1117Sep 6, 2013risk 0.00cvss —epss 0.03
Buffer overflow in the exception handler in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF…
- CVE-2013-1116Sep 6, 2013risk 0.00cvss —epss 0.03
Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted ARF file, aka…
- CVE-2013-1115Sep 6, 2013risk 0.00cvss —epss 0.03
Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ARF file, aka Bug…
- CVE-2012-5990Sep 6, 2013risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Health Monitor Login pages in Cisco Prime Network Control System (NCS) and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud18375.
- CVE-2013-5471Sep 5, 2013risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Global Site Selector (GSS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh42164.
- CVE-2013-5470Sep 4, 2013risk 0.00cvss —epss 0.02
Cisco Secure Access Control System (ACS) does not properly handle requests to read from the TACACS+ socket, which allows remote attackers to cause a denial of service (process crash) via malformed TCP packets, aka Bug ID CSCuh12488.
- CVE-2013-3469Sep 4, 2013risk 0.00cvss —epss 0.02
Cisco Mobility Services Engine does not properly set up the Oracle SSL service, which allows remote attackers to obtain an unauthenticated session to the database-replication port, and consequently obtain sensitive information, via an SSL connection, aka Bug ID CSCue50794.
- CVE-2013-5469Aug 30, 2013risk 0.00cvss —epss 0.02
The TCP implementation in Cisco IOS does not properly implement the transitions from the ESTABLISHED state to the CLOSED state, which allows remote attackers to cause a denial of service (flood of ACK packets) via a crafted series of ACK and FIN packets, aka Bug ID CSCtz14399.
- CVE-2013-3474Aug 30, 2013risk 0.00cvss —epss 0.01
The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or Lobby Ambassador managers group,…
- CVE-2013-3470Aug 30, 2013risk 0.00cvss —epss 0.03
The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731.
- CVE-2013-3467Aug 30, 2013risk 0.00cvss —epss 0.00
Memory leak in the CLI component on Cisco Unified Computing System (UCS) 6100 Fabric Interconnect devices, in certain situations that lack a SPAN session, allows local users to cause a denial of service (memory consumption and device reset) via a (1) "show monitor session all"…
- CVE-2013-3463Aug 30, 2013risk 0.00cvss —epss 0.02
The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service (connection-table exhaustion) via crafted requests that use an inspected protocol, aka Bug…
- CVE-2012-5744Aug 30, 2013risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in the guest portal in Cisco Identity Services Engine (ISE) Software allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCud11139 and CSCug02904.
- CVE-2013-3472Aug 29, 2013risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications, aka Bug ID CSCui58210.
- CVE-2013-3471Aug 29, 2013risk 0.00cvss —epss 0.01
The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515.
- CVE-2013-3468Aug 29, 2013risk 0.00cvss —epss 0.03
The Cisco Unified IP Phone 8945 with software 9.3(2) allows remote attackers to cause a denial of service (device hang) via a malformed PNG file, aka Bug ID CSCud04270.
- CVE-2013-3466Aug 29, 2013risk 0.00cvss —epss 0.05
The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST…
- CVE-2013-3462Aug 25, 2013risk 0.00cvss —epss 0.03
Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Bug ID CSCud54358.
- CVE-2013-3461Aug 25, 2013risk 0.00cvss —epss 0.01
Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a…
- CVE-2013-3460Aug 25, 2013risk 0.00cvss —epss 0.02
Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka Bug ID CSCub85597.
- CVE-2013-3459Aug 25, 2013risk 0.00cvss —epss 0.01
Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466.
- CVE-2013-3390Aug 25, 2013risk 0.00cvss —epss 0.01
Memory leak in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug ID CSCub59158.
- CVE-2013-3389Aug 25, 2013risk 0.00cvss —epss 0.01
Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets to port (1) 61615 or (2) 61616, aka Bug ID CSCtz90114.
- CVE-2013-3388Aug 25, 2013risk 0.00cvss —epss 0.02
Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets to port 44444, aka Bug ID CSCtz92776.
- CVE-2013-3387Aug 25, 2013risk 0.00cvss —epss 0.01
Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (disk consumption) via a flood of TCP packets to port 5400, leading to large error-log files, aka Bug ID CSCua42724.
- CVE-2013-3453Aug 22, 2013risk 0.00cvss —epss 0.02
Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or…
- CVE-2013-3464Aug 13, 2013risk 0.00cvss —epss 0.00
Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload) by starting an outbound flood of large ICMP Echo Request packets and stopping this with a CTRL-C sequence, aka Bug ID CSCui60347.
- CVE-2013-3457Aug 12, 2013risk 0.00cvss —epss 0.02
Absolute path traversal vulnerability in the web interface in Cisco Finesse allows remote attackers to read directory contents via a direct request to a directory URL, aka Bug ID CSCug16772.
- CVE-2013-3455Aug 12, 2013risk 0.00cvss —epss 0.02
Cisco Finesse allows remote attackers to obtain sensitive information by sniffing the network for HTTP query data, aka Bug ID CSCug16732.
- CVE-2013-3454Aug 8, 2013risk 0.00cvss —epss 0.02
Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform…
- CVE-2013-3451Aug 5, 2013risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug ID CSCui13033.
- CVE-2013-3450Aug 5, 2013risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028.
- CVE-2013-3442Aug 5, 2013risk 0.00cvss —epss 0.01
The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854.
- CVE-2013-0149Aug 5, 2013risk 0.00cvss —epss 0.02
The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations…
- CVE-2013-3448Aug 2, 2013risk 0.00cvss —epss 0.01
Cisco WebEx Meetings Server does not check whether a user account is active, which allows remote authenticated users to bypass intended access restrictions by performing meeting operations after account deactivation, aka Bug ID CSCuh33315.
- CVE-2013-1190Aug 2, 2013risk 0.00cvss —epss 0.01
The C-Series Rack Server component 1.4 in Cisco Unified Computing System (UCS) does not properly restrict inbound access to ports, which allows remote attackers to cause a denial of service (Integrated Management Controller reboot or hang) via crafted packets, as demonstrated by…
- CVE-2013-3444Aug 1, 2013risk 0.00cvss —epss 0.04
The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before 2.5.6; Cisco CDS-IS Software 2.x before 2.6.3.b50 and 3.1.x before 3.1.2b54;…
- CVE-2013-3443Aug 1, 2013risk 0.00cvss —epss 0.06
The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh26626.
- CVE-2012-3913Aug 1, 2013risk 0.00cvss —epss 0.01
The Cisco VC220 and VC240 cameras allow remote attackers to cause a denial of service (WebUI outage) via crafted packets, aka Bug IDs CSCtf73188, CSCtf88059, CSCtf87951, CSCtf87908, and CSCtf88019.
- CVE-2013-3425Jul 31, 2013risk 0.00cvss —epss 0.01
The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to enumerate files via a series of SPI calls, aka Bug ID CSCuc35965.
- CVE-2013-3445Jul 29, 2013risk 0.00cvss —epss 0.03
The firewall subsystem in Cisco Identity Services Engine has an incorrect rule for open ports, which allows remote attackers to cause a denial of service (CPU consumption or process crash) via a flood of malformed IP packets, aka Bug ID CSCug94572.
- CVE-2013-3414Jul 25, 2013risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080.
- CVE-2013-3438Jul 24, 2013risk 0.00cvss —epss 0.01
The web framework in the server in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to bypass intended access restrictions and read unspecified web pages via crafted parameters, aka Bug ID CSCuh86385.
- CVE-2013-3440Jul 23, 2013risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186.
- CVE-2013-3439Jul 23, 2013risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182.
- CVE-2013-3441Jul 23, 2013risk 0.00cvss —epss 0.02
Cisco Aironet 3600 access points allow remote attackers to cause a denial of service (memory corruption and device crash) by disrupting Cisco Wireless LAN Controller communication and consequently forcing many transitions from FlexConnect mode to Standalone mode, aka Bug ID…
- CVE-2013-3437Jul 23, 2013risk 0.00cvss —epss 0.01
SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179.
Page 121 of 145