VYPR

Vendor CVEs

Cisco Systems, Inc.

All CVEs

7,230 total · sorted by risk
  • CVE-2013-1134Feb 27, 2013
    risk 0.00cvss epss 0.01

    The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct cache-poisoning attacks against…

  • CVE-2013-1133Feb 27, 2013
    risk 0.00cvss epss 0.01

    Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and 9.x before 9.0(1) allows remote attackers to cause a denial of service (CPU consumption and GUI and voice outages) via malformed packets to unused UDP ports, aka Bug ID CSCtx43337.

  • CVE-2013-1139Feb 27, 2013
    risk 0.00cvss epss 0.01

    The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCud81134.

  • CVE-2013-1138Feb 25, 2013
    risk 0.00cvss epss 0.01

    The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (connections-table memory consumption) via crafted packets, aka Bug ID CSCue46386.

  • CVE-2013-1129Feb 19, 2013
    risk 0.00cvss epss 0.01

    Memory leak in Cisco Unity Connection 9.x allows remote attackers to cause a denial of service (memory consumption and process crash) by sending many TCP requests, aka Bug ID CSCud59736.

  • CVE-2013-1125Feb 19, 2013
    risk 0.00cvss epss 0.00

    The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified…

  • CVE-2013-1128Feb 15, 2013
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the server in Cisco Unified MeetingPlace before 7.1(2.2000) allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuc64903. NOTE: some of these details are…

  • CVE-2013-1123Feb 15, 2013
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the server in Cisco Unified MeetingPlace 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuc65411 and CSCue18706.

  • CVE-2013-1131Feb 13, 2013
    risk 0.00cvss epss 0.01

    Cisco Small Business Wireless Access Points WAP200, WAP2000, WAP200E, and WET200 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SSID that is not properly handled during a site survey, aka Bug IDs CSCua86182,…

  • CVE-2013-1122Feb 13, 2013
    risk 0.00cvss epss 0.01

    Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport Virtualization (OTV) configuration is used, allows remote attackers to cause a denial of service (M1-Series module reload) via crafted packets, aka Bug ID CSCud15673.

  • CVE-2013-1111Feb 13, 2013
    risk 0.00cvss epss 0.01

    The Cisco ATA 187 Analog Telephone Adaptor with firmware 9.2.1.0 and 9.2.3.1 before ES build 4 does not properly implement access control, which allows remote attackers to execute operating-system commands via vectors involving a session on TCP port 7870, aka Bug ID CSCtz67038.

  • CVE-2013-1100Feb 13, 2013
    risk 0.00cvss epss 0.01

    The HTTP server in Cisco IOS on Catalyst switches does not properly handle TCP socket events, which allows remote attackers to cause a denial of service (device crash) via crafted packets on TCP port (1) 80 or (2) 443, aka Bug ID CSCuc53853.

  • CVE-2013-1107Feb 6, 2013
    risk 0.00cvss epss 0.01

    The search function in Cisco Webex Social (formerly Cisco Quad) allows remote authenticated users to read files via unspecified parameters, aka Bug ID CSCud40235.

  • CVE-2013-1113Jan 31, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via a crafted parameter value, aka Bug ID CSCue21042.

  • CVE-2013-1112Jan 31, 2013
    risk 0.00cvss epss 0.02

    Cisco Carrier Routing System (CRS) allows remote attackers to cause a denial of service (packet loss) via short malformed packets that trigger inefficient processing, aka Bug ID CSCud79136.

  • CVE-2012-6029Jan 31, 2013
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4)…

  • CVE-2013-1105Jan 24, 2013
    risk 0.00cvss epss 0.03

    Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device configuration via an SNMP request, aka Bug…

  • CVE-2013-1104Jan 24, 2013
    risk 0.00cvss epss 0.04

    The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636.

  • CVE-2013-1103Jan 24, 2013
    risk 0.00cvss epss 0.02

    Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659.

  • CVE-2013-1102Jan 24, 2013
    risk 0.00cvss epss 0.02

    The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service (device reload) via crafted IP…

  • CVE-2013-1110Jan 21, 2013
    risk 0.00cvss epss 0.02

    Cisco WebEx Training Center allow remote authenticated users to bypass intended privilege restrictions and (1) enable or (2) disable training-center recordings via a crafted URL, aka Bug ID CSCzu81065.

  • CVE-2013-1108Jan 21, 2013
    risk 0.00cvss epss 0.01

    Cisco WebEx Training Center allows remote authenticated users to remove hands-on lab-session reservations via a crafted URL, aka Bug ID CSCzu81064.

  • CVE-2012-6396Jan 19, 2013
    risk 0.00cvss epss 0.01

    Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a crafted configuration that references interfaces that do not exist on the new…

  • CVE-2012-6395Jan 18, 2013
    risk 0.00cvss epss 0.02

    Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors, aka Bug ID CSCuc65775.

  • CVE-2012-5717Jan 18, 2013
    risk 0.00cvss epss 0.01

    Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device crash) by establishing multiple sessions, aka Bug ID CSCtc59462.

  • CVE-2012-5429Jan 17, 2013
    risk 0.00cvss epss 0.00

    The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669.

  • CVE-2013-1109Jan 17, 2013
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in testingLibraryAction.do in the Training Center testing library in Cisco WebEx Training Center allows remote attackers to hijack the authentication of arbitrary users for requests that delete tests, aka Bug ID CSCzu81067.

  • CVE-2012-6397Jan 17, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Cisco WebEx Social (formerly Cisco Quad) allows remote attackers to inject arbitrary web script or HTML via a crafted RSS service link, aka Bug ID CSCub61977.

  • CVE-2012-6392Jan 17, 2013
    risk 0.00cvss epss 0.05

    Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779.

  • CVE-2012-5444Jan 17, 2013
    risk 0.00cvss epss 0.01

    Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, aka Bug ID CSCub67989.

  • CVE-2012-5419Jan 17, 2013
    risk 0.00cvss epss 0.01

    Cisco Adaptive Security Appliance (ASA) software 8.7.1 and 8.7.1.1 for the Cisco ASA 1000V Cloud Firewall allows remote attackers to cause a denial of service (device reload) via a malformed H.225 H.323 IPv4 packet, aka Bug IDs CSCuc42812 and CSCuc88741.

  • CVE-2012-5445Dec 28, 2012
    risk 0.00cvss epss 0.00

    The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory…

  • CVE-2012-5424Nov 7, 2012
    risk 0.00cvss epss 0.02

    Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username…

  • CVE-2012-5417Nov 2, 2012
    risk 0.00cvss epss 0.03

    Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services, aka Bug…

  • CVE-2012-5416Nov 2, 2012
    risk 0.00cvss epss 0.02

    Buffer overflow in Cisco Unified MeetingPlace Web Conferencing before 7.1MR1 Patch 1, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 allows remote attackers to cause a denial of service (daemon hang) via unspecified parameters in a POST request, aka Bug ID CSCua66341.

  • CVE-2012-4663Oct 29, 2012
    risk 0.00cvss epss 0.02

    The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.13) and the Firewall Services…

  • CVE-2012-4662Oct 29, 2012
    risk 0.00cvss epss 0.02

    The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.13) and the Firewall Services…

  • CVE-2012-4661Oct 29, 2012
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.34), 8.4 before 8.4(4.4), 8.5 before 8.5(1.13),…

  • CVE-2012-4660Oct 29, 2012
    risk 0.00cvss epss 0.02

    The SIP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.17), 8.3 before 8.3(2.28), 8.4 before 8.4(2.13), 8.5 before 8.5(1.4), and 8.6…

  • CVE-2012-4659Oct 29, 2012
    risk 0.00cvss epss 0.03

    The AAA functionality in the IPv4 SSL VPN implementations on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.30) and 8.3 before 8.3(2.34) allows remote…

  • CVE-2012-4643Oct 29, 2012
    risk 0.00cvss epss 0.02

    The DHCP server on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 before 7.2(5.8), 7.1 before 7.2(5.8), 7.2 before 7.2(5.8), 8.0 before 8.0(5.28), 8.1 before 8.1(2.56),…

  • CVE-2012-3941Oct 25, 2012
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72850.

  • CVE-2012-3940Oct 25, 2012
    risk 0.00cvss epss 0.05

    Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72958.

  • CVE-2012-3939Oct 25, 2012
    risk 0.00cvss epss 0.05

    Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file, aka Bug ID CSCua61331.

  • CVE-2012-3938Oct 25, 2012
    risk 0.00cvss epss 0.05

    Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz73583.

  • CVE-2012-3937Oct 25, 2012
    risk 0.00cvss epss 0.05

    Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72967.

  • CVE-2012-3936Oct 25, 2012
    risk 0.00cvss epss 0.05

    Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCua40962.

  • CVE-2012-4623Sep 27, 2012
    risk 0.00cvss epss 0.03

    The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x, 3.1.xS before 3.1.4S, 3.1.xSG and 3.2.xSG before 3.2.5SG, 3.2.xS, 3.2.xXO, 3.3.xS, and 3.3.xSG before 3.3.1SG allows remote attackers to cause a denial of service (device…

  • CVE-2012-4622Sep 27, 2012
    risk 0.00cvss epss 0.02

    Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, when a Supervisor Engine 7L-E card is installed, allows remote attackers to cause a denial of service (card reload) via malformed packets that trigger uncorrected ECC error messages, aka Bug ID CSCty88456.

  • CVE-2012-4621Sep 27, 2012
    risk 0.00cvss epss 0.02

    The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via a DHCP packet, aka Bug ID CSCty96049.

Page 125 of 145