Vendor CVEs
Cisco Systems, Inc.
All CVEs
7,230 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-1134 | 0.00 | — | 0.01 | Feb 27, 2013 | The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct cache-poisoning attacks against… | |||
| CVE-2013-1133 | 0.00 | — | 0.01 | Feb 27, 2013 | Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and 9.x before 9.0(1) allows remote attackers to cause a denial of service (CPU consumption and GUI and voice outages) via malformed packets to unused UDP ports, aka Bug ID CSCtx43337. | |||
| CVE-2013-1139 | 0.00 | — | 0.01 | Feb 27, 2013 | The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCud81134. | |||
| CVE-2013-1138 | 0.00 | — | 0.01 | Feb 25, 2013 | The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (connections-table memory consumption) via crafted packets, aka Bug ID CSCue46386. | |||
| CVE-2013-1129 | 0.00 | — | 0.01 | Feb 19, 2013 | Memory leak in Cisco Unity Connection 9.x allows remote attackers to cause a denial of service (memory consumption and process crash) by sending many TCP requests, aka Bug ID CSCud59736. | |||
| CVE-2013-1125 | 0.00 | — | 0.00 | Feb 19, 2013 | The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified… | |||
| CVE-2013-1128 | 0.00 | — | 0.01 | Feb 15, 2013 | Multiple cross-site request forgery (CSRF) vulnerabilities in the server in Cisco Unified MeetingPlace before 7.1(2.2000) allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuc64903. NOTE: some of these details are… | |||
| CVE-2013-1123 | 0.00 | — | 0.01 | Feb 15, 2013 | Multiple cross-site scripting (XSS) vulnerabilities in the server in Cisco Unified MeetingPlace 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuc65411 and CSCue18706. | |||
| CVE-2013-1131 | 0.00 | — | 0.01 | Feb 13, 2013 | Cisco Small Business Wireless Access Points WAP200, WAP2000, WAP200E, and WET200 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SSID that is not properly handled during a site survey, aka Bug IDs CSCua86182,… | |||
| CVE-2013-1122 | 0.00 | — | 0.01 | Feb 13, 2013 | Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport Virtualization (OTV) configuration is used, allows remote attackers to cause a denial of service (M1-Series module reload) via crafted packets, aka Bug ID CSCud15673. | |||
| CVE-2013-1111 | 0.00 | — | 0.01 | Feb 13, 2013 | The Cisco ATA 187 Analog Telephone Adaptor with firmware 9.2.1.0 and 9.2.3.1 before ES build 4 does not properly implement access control, which allows remote attackers to execute operating-system commands via vectors involving a session on TCP port 7870, aka Bug ID CSCtz67038. | |||
| CVE-2013-1100 | 0.00 | — | 0.01 | Feb 13, 2013 | The HTTP server in Cisco IOS on Catalyst switches does not properly handle TCP socket events, which allows remote attackers to cause a denial of service (device crash) via crafted packets on TCP port (1) 80 or (2) 443, aka Bug ID CSCuc53853. | |||
| CVE-2013-1107 | 0.00 | — | 0.01 | Feb 6, 2013 | The search function in Cisco Webex Social (formerly Cisco Quad) allows remote authenticated users to read files via unspecified parameters, aka Bug ID CSCud40235. | |||
| CVE-2013-1113 | 0.00 | — | 0.01 | Jan 31, 2013 | Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via a crafted parameter value, aka Bug ID CSCue21042. | |||
| CVE-2013-1112 | 0.00 | — | 0.02 | Jan 31, 2013 | Cisco Carrier Routing System (CRS) allows remote attackers to cause a denial of service (packet loss) via short malformed packets that trigger inefficient processing, aka Bug ID CSCud79136. | |||
| CVE-2012-6029 | 0.00 | — | 0.01 | Jan 31, 2013 | Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4)… | |||
| CVE-2013-1105 | 0.00 | — | 0.03 | Jan 24, 2013 | Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device configuration via an SNMP request, aka Bug… | |||
| CVE-2013-1104 | 0.00 | — | 0.04 | Jan 24, 2013 | The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636. | |||
| CVE-2013-1103 | 0.00 | — | 0.02 | Jan 24, 2013 | Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659. | |||
| CVE-2013-1102 | 0.00 | — | 0.02 | Jan 24, 2013 | The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service (device reload) via crafted IP… | |||
| CVE-2013-1110 | 0.00 | — | 0.02 | Jan 21, 2013 | Cisco WebEx Training Center allow remote authenticated users to bypass intended privilege restrictions and (1) enable or (2) disable training-center recordings via a crafted URL, aka Bug ID CSCzu81065. | |||
| CVE-2013-1108 | 0.00 | — | 0.01 | Jan 21, 2013 | Cisco WebEx Training Center allows remote authenticated users to remove hands-on lab-session reservations via a crafted URL, aka Bug ID CSCzu81064. | |||
| CVE-2012-6396 | 0.00 | — | 0.01 | Jan 19, 2013 | Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a crafted configuration that references interfaces that do not exist on the new… | |||
| CVE-2012-6395 | 0.00 | — | 0.02 | Jan 18, 2013 | Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors, aka Bug ID CSCuc65775. | |||
| CVE-2012-5717 | 0.00 | — | 0.01 | Jan 18, 2013 | Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device crash) by establishing multiple sessions, aka Bug ID CSCtc59462. | |||
| CVE-2012-5429 | 0.00 | — | 0.00 | Jan 17, 2013 | The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669. | |||
| CVE-2013-1109 | 0.00 | — | 0.01 | Jan 17, 2013 | Cross-site request forgery (CSRF) vulnerability in testingLibraryAction.do in the Training Center testing library in Cisco WebEx Training Center allows remote attackers to hijack the authentication of arbitrary users for requests that delete tests, aka Bug ID CSCzu81067. | |||
| CVE-2012-6397 | 0.00 | — | 0.01 | Jan 17, 2013 | Cross-site scripting (XSS) vulnerability in Cisco WebEx Social (formerly Cisco Quad) allows remote attackers to inject arbitrary web script or HTML via a crafted RSS service link, aka Bug ID CSCub61977. | |||
| CVE-2012-6392 | 0.00 | — | 0.05 | Jan 17, 2013 | Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779. | |||
| CVE-2012-5444 | 0.00 | — | 0.01 | Jan 17, 2013 | Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, aka Bug ID CSCub67989. | |||
| CVE-2012-5419 | 0.00 | — | 0.01 | Jan 17, 2013 | Cisco Adaptive Security Appliance (ASA) software 8.7.1 and 8.7.1.1 for the Cisco ASA 1000V Cloud Firewall allows remote attackers to cause a denial of service (device reload) via a malformed H.225 H.323 IPv4 packet, aka Bug IDs CSCuc42812 and CSCuc88741. | |||
| CVE-2012-5445 | 0.00 | — | 0.00 | Dec 28, 2012 | The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory… | |||
| CVE-2012-5424 | 0.00 | — | 0.02 | Nov 7, 2012 | Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username… | |||
| CVE-2012-5417 | 0.00 | — | 0.03 | Nov 2, 2012 | Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services, aka Bug… | |||
| CVE-2012-5416 | 0.00 | — | 0.02 | Nov 2, 2012 | Buffer overflow in Cisco Unified MeetingPlace Web Conferencing before 7.1MR1 Patch 1, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 allows remote attackers to cause a denial of service (daemon hang) via unspecified parameters in a POST request, aka Bug ID CSCua66341. | |||
| CVE-2012-4663 | 0.00 | — | 0.02 | Oct 29, 2012 | The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.13) and the Firewall Services… | |||
| CVE-2012-4662 | 0.00 | — | 0.02 | Oct 29, 2012 | The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.13) and the Firewall Services… | |||
| CVE-2012-4661 | 0.00 | — | 0.04 | Oct 29, 2012 | Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.34), 8.4 before 8.4(4.4), 8.5 before 8.5(1.13),… | |||
| CVE-2012-4660 | 0.00 | — | 0.02 | Oct 29, 2012 | The SIP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.17), 8.3 before 8.3(2.28), 8.4 before 8.4(2.13), 8.5 before 8.5(1.4), and 8.6… | |||
| CVE-2012-4659 | 0.00 | — | 0.03 | Oct 29, 2012 | The AAA functionality in the IPv4 SSL VPN implementations on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.30) and 8.3 before 8.3(2.34) allows remote… | |||
| CVE-2012-4643 | 0.00 | — | 0.02 | Oct 29, 2012 | The DHCP server on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 before 7.2(5.8), 7.1 before 7.2(5.8), 7.2 before 7.2(5.8), 8.0 before 8.0(5.28), 8.1 before 8.1(2.56),… | |||
| CVE-2012-3941 | 0.00 | — | 0.05 | Oct 25, 2012 | Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72850. | |||
| CVE-2012-3940 | 0.00 | — | 0.05 | Oct 25, 2012 | Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72958. | |||
| CVE-2012-3939 | 0.00 | — | 0.05 | Oct 25, 2012 | Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file, aka Bug ID CSCua61331. | |||
| CVE-2012-3938 | 0.00 | — | 0.05 | Oct 25, 2012 | Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz73583. | |||
| CVE-2012-3937 | 0.00 | — | 0.05 | Oct 25, 2012 | Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72967. | |||
| CVE-2012-3936 | 0.00 | — | 0.05 | Oct 25, 2012 | Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCua40962. | |||
| CVE-2012-4623 | 0.00 | — | 0.03 | Sep 27, 2012 | The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x, 3.1.xS before 3.1.4S, 3.1.xSG and 3.2.xSG before 3.2.5SG, 3.2.xS, 3.2.xXO, 3.3.xS, and 3.3.xSG before 3.3.1SG allows remote attackers to cause a denial of service (device… | |||
| CVE-2012-4622 | 0.00 | — | 0.02 | Sep 27, 2012 | Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, when a Supervisor Engine 7L-E card is installed, allows remote attackers to cause a denial of service (card reload) via malformed packets that trigger uncorrected ECC error messages, aka Bug ID CSCty88456. | |||
| CVE-2012-4621 | 0.00 | — | 0.02 | Sep 27, 2012 | The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via a DHCP packet, aka Bug ID CSCty96049. |
- CVE-2013-1134Feb 27, 2013risk 0.00cvss —epss 0.01
The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct cache-poisoning attacks against…
- CVE-2013-1133Feb 27, 2013risk 0.00cvss —epss 0.01
Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and 9.x before 9.0(1) allows remote attackers to cause a denial of service (CPU consumption and GUI and voice outages) via malformed packets to unused UDP ports, aka Bug ID CSCtx43337.
- CVE-2013-1139Feb 27, 2013risk 0.00cvss —epss 0.01
The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCud81134.
- CVE-2013-1138Feb 25, 2013risk 0.00cvss —epss 0.01
The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (connections-table memory consumption) via crafted packets, aka Bug ID CSCue46386.
- CVE-2013-1129Feb 19, 2013risk 0.00cvss —epss 0.01
Memory leak in Cisco Unity Connection 9.x allows remote attackers to cause a denial of service (memory consumption and process crash) by sending many TCP requests, aka Bug ID CSCud59736.
- CVE-2013-1125Feb 19, 2013risk 0.00cvss —epss 0.00
The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified…
- CVE-2013-1128Feb 15, 2013risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in the server in Cisco Unified MeetingPlace before 7.1(2.2000) allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuc64903. NOTE: some of these details are…
- CVE-2013-1123Feb 15, 2013risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in the server in Cisco Unified MeetingPlace 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuc65411 and CSCue18706.
- CVE-2013-1131Feb 13, 2013risk 0.00cvss —epss 0.01
Cisco Small Business Wireless Access Points WAP200, WAP2000, WAP200E, and WET200 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SSID that is not properly handled during a site survey, aka Bug IDs CSCua86182,…
- CVE-2013-1122Feb 13, 2013risk 0.00cvss —epss 0.01
Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport Virtualization (OTV) configuration is used, allows remote attackers to cause a denial of service (M1-Series module reload) via crafted packets, aka Bug ID CSCud15673.
- CVE-2013-1111Feb 13, 2013risk 0.00cvss —epss 0.01
The Cisco ATA 187 Analog Telephone Adaptor with firmware 9.2.1.0 and 9.2.3.1 before ES build 4 does not properly implement access control, which allows remote attackers to execute operating-system commands via vectors involving a session on TCP port 7870, aka Bug ID CSCtz67038.
- CVE-2013-1100Feb 13, 2013risk 0.00cvss —epss 0.01
The HTTP server in Cisco IOS on Catalyst switches does not properly handle TCP socket events, which allows remote attackers to cause a denial of service (device crash) via crafted packets on TCP port (1) 80 or (2) 443, aka Bug ID CSCuc53853.
- CVE-2013-1107Feb 6, 2013risk 0.00cvss —epss 0.01
The search function in Cisco Webex Social (formerly Cisco Quad) allows remote authenticated users to read files via unspecified parameters, aka Bug ID CSCud40235.
- CVE-2013-1113Jan 31, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via a crafted parameter value, aka Bug ID CSCue21042.
- CVE-2013-1112Jan 31, 2013risk 0.00cvss —epss 0.02
Cisco Carrier Routing System (CRS) allows remote attackers to cause a denial of service (packet loss) via short malformed packets that trigger inefficient processing, aka Bug ID CSCud79136.
- CVE-2012-6029Jan 31, 2013risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4)…
- CVE-2013-1105Jan 24, 2013risk 0.00cvss —epss 0.03
Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device configuration via an SNMP request, aka Bug…
- CVE-2013-1104Jan 24, 2013risk 0.00cvss —epss 0.04
The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636.
- CVE-2013-1103Jan 24, 2013risk 0.00cvss —epss 0.02
Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659.
- CVE-2013-1102Jan 24, 2013risk 0.00cvss —epss 0.02
The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service (device reload) via crafted IP…
- CVE-2013-1110Jan 21, 2013risk 0.00cvss —epss 0.02
Cisco WebEx Training Center allow remote authenticated users to bypass intended privilege restrictions and (1) enable or (2) disable training-center recordings via a crafted URL, aka Bug ID CSCzu81065.
- CVE-2013-1108Jan 21, 2013risk 0.00cvss —epss 0.01
Cisco WebEx Training Center allows remote authenticated users to remove hands-on lab-session reservations via a crafted URL, aka Bug ID CSCzu81064.
- CVE-2012-6396Jan 19, 2013risk 0.00cvss —epss 0.01
Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a crafted configuration that references interfaces that do not exist on the new…
- CVE-2012-6395Jan 18, 2013risk 0.00cvss —epss 0.02
Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors, aka Bug ID CSCuc65775.
- CVE-2012-5717Jan 18, 2013risk 0.00cvss —epss 0.01
Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device crash) by establishing multiple sessions, aka Bug ID CSCtc59462.
- CVE-2012-5429Jan 17, 2013risk 0.00cvss —epss 0.00
The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669.
- CVE-2013-1109Jan 17, 2013risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in testingLibraryAction.do in the Training Center testing library in Cisco WebEx Training Center allows remote attackers to hijack the authentication of arbitrary users for requests that delete tests, aka Bug ID CSCzu81067.
- CVE-2012-6397Jan 17, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Cisco WebEx Social (formerly Cisco Quad) allows remote attackers to inject arbitrary web script or HTML via a crafted RSS service link, aka Bug ID CSCub61977.
- CVE-2012-6392Jan 17, 2013risk 0.00cvss —epss 0.05
Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779.
- CVE-2012-5444Jan 17, 2013risk 0.00cvss —epss 0.01
Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, aka Bug ID CSCub67989.
- CVE-2012-5419Jan 17, 2013risk 0.00cvss —epss 0.01
Cisco Adaptive Security Appliance (ASA) software 8.7.1 and 8.7.1.1 for the Cisco ASA 1000V Cloud Firewall allows remote attackers to cause a denial of service (device reload) via a malformed H.225 H.323 IPv4 packet, aka Bug IDs CSCuc42812 and CSCuc88741.
- CVE-2012-5445Dec 28, 2012risk 0.00cvss —epss 0.00
The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory…
- CVE-2012-5424Nov 7, 2012risk 0.00cvss —epss 0.02
Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username…
- CVE-2012-5417Nov 2, 2012risk 0.00cvss —epss 0.03
Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services, aka Bug…
- CVE-2012-5416Nov 2, 2012risk 0.00cvss —epss 0.02
Buffer overflow in Cisco Unified MeetingPlace Web Conferencing before 7.1MR1 Patch 1, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 allows remote attackers to cause a denial of service (daemon hang) via unspecified parameters in a POST request, aka Bug ID CSCua66341.
- CVE-2012-4663Oct 29, 2012risk 0.00cvss —epss 0.02
The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.13) and the Firewall Services…
- CVE-2012-4662Oct 29, 2012risk 0.00cvss —epss 0.02
The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.13) and the Firewall Services…
- CVE-2012-4661Oct 29, 2012risk 0.00cvss —epss 0.04
Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.34), 8.4 before 8.4(4.4), 8.5 before 8.5(1.13),…
- CVE-2012-4660Oct 29, 2012risk 0.00cvss —epss 0.02
The SIP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.17), 8.3 before 8.3(2.28), 8.4 before 8.4(2.13), 8.5 before 8.5(1.4), and 8.6…
- CVE-2012-4659Oct 29, 2012risk 0.00cvss —epss 0.03
The AAA functionality in the IPv4 SSL VPN implementations on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.30) and 8.3 before 8.3(2.34) allows remote…
- CVE-2012-4643Oct 29, 2012risk 0.00cvss —epss 0.02
The DHCP server on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 before 7.2(5.8), 7.1 before 7.2(5.8), 7.2 before 7.2(5.8), 8.0 before 8.0(5.28), 8.1 before 8.1(2.56),…
- CVE-2012-3941Oct 25, 2012risk 0.00cvss —epss 0.05
Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72850.
- CVE-2012-3940Oct 25, 2012risk 0.00cvss —epss 0.05
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72958.
- CVE-2012-3939Oct 25, 2012risk 0.00cvss —epss 0.05
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file, aka Bug ID CSCua61331.
- CVE-2012-3938Oct 25, 2012risk 0.00cvss —epss 0.05
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz73583.
- CVE-2012-3937Oct 25, 2012risk 0.00cvss —epss 0.05
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72967.
- CVE-2012-3936Oct 25, 2012risk 0.00cvss —epss 0.05
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCua40962.
- CVE-2012-4623Sep 27, 2012risk 0.00cvss —epss 0.03
The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x, 3.1.xS before 3.1.4S, 3.1.xSG and 3.2.xSG before 3.2.5SG, 3.2.xS, 3.2.xXO, 3.3.xS, and 3.3.xSG before 3.3.1SG allows remote attackers to cause a denial of service (device…
- CVE-2012-4622Sep 27, 2012risk 0.00cvss —epss 0.02
Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, when a Supervisor Engine 7L-E card is installed, allows remote attackers to cause a denial of service (card reload) via malformed packets that trigger uncorrected ECC error messages, aka Bug ID CSCty88456.
- CVE-2012-4621Sep 27, 2012risk 0.00cvss —epss 0.02
The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via a DHCP packet, aka Bug ID CSCty96049.
Page 125 of 145