Vendor CVEs
Cisco Systems, Inc.
All CVEs
7,231 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-2486 | 0.00 | — | 0.02 | Jul 12, 2012 | The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresence Multipoint Switch before 1.9.0, Cisco TelePresence Immersive Endpoint Devices before 1.9.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server before 1.8.1 allows remote… | |||
| CVE-2012-3057 | 0.00 | — | 0.03 | Jun 29, 2012 | Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted size field in… | |||
| CVE-2012-3056 | 0.00 | — | 0.03 | Jun 29, 2012 | Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory… | |||
| CVE-2012-3055 | 0.00 | — | 0.03 | Jun 29, 2012 | Stack-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted DHT chunk in a… | |||
| CVE-2012-3054 | 0.00 | — | 0.04 | Jun 29, 2012 | Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted WRF file, aka… | |||
| CVE-2012-3053 | 0.00 | — | 0.03 | Jun 29, 2012 | Buffer overflow in the Cisco WebEx Advanced Recording Format (ARF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted ARF file, aka Bug… | |||
| CVE-2012-3063 | 0.00 | — | 0.01 | Jun 20, 2012 | Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in… | |||
| CVE-2012-3058 | 0.00 | — | 0.02 | Jun 20, 2012 | Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(4.1), 8.5 before 8.5(1.11), and 8.6 before 8.6(1.3) allow remote attackers to cause a denial of service (device… | |||
| CVE-2012-2496 | 0.00 | — | 0.02 | Jun 20, 2012 | A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code… | |||
| CVE-2012-2495 | 0.00 | — | 0.01 | Jun 20, 2012 | The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a… | |||
| CVE-2012-2494 | 0.00 | — | 0.01 | Jun 20, 2012 | The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a… | |||
| CVE-2012-2493 | 0.00 | — | 0.04 | Jun 20, 2012 | The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader… | |||
| CVE-2011-2545 | 0.00 | — | 0.01 | Jun 13, 2012 | Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an… | |||
| CVE-2012-2488 | 0.00 | — | 0.02 | May 31, 2012 | Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593. | |||
| CVE-2012-1328 | 0.00 | — | 0.00 | May 3, 2012 | Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237. | |||
| CVE-2012-1327 | 0.00 | — | 0.01 | May 3, 2012 | dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (assertion failure and reboot) via 802.11 wireless traffic, as demonstrated by a video call from Apple iOS 5.0 on an iPhone 4S, aka Bug ID CSCtt94391. | |||
| CVE-2012-1324 | 0.00 | — | 0.01 | May 3, 2012 | Race condition in the Zone-Based Firewall in Cisco IOS 15.1 and 15.2, when IPS policies are configured, allows remote attackers to cause a denial of service (device crash) by sending IPv6 packets, aka Bug ID CSCtk53534. | |||
| CVE-2012-0378 | 0.00 | — | 0.01 | May 3, 2012 | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allow remote attackers to cause a denial of service (connection limit exceeded) by triggering a large number of stale connections that result in an incorrect value for an MPF connection… | |||
| CVE-2012-0376 | 0.00 | — | 0.01 | May 3, 2012 | The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID CSCtj87367. | |||
| CVE-2011-4237 | 0.00 | — | 0.01 | May 3, 2012 | CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter,… | |||
| CVE-2011-4232 | 0.00 | — | 0.01 | May 3, 2012 | The web server in Cisco Unified MeetingPlace 6.1 and 8.5 produces different responses for directory queries depending on whether the directory exists, which allows remote attackers to enumerate directory names via a series of queries, aka Bug ID CSCtt94070. | |||
| CVE-2011-4231 | 0.00 | — | 0.01 | May 3, 2012 | Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec hub with X.509 certificates in use, allows remote authenticated users to cause a denial of service (segmentation fault and device crash) via unspecified vectors, aka Bug ID CSCtq61128. | |||
| CVE-2011-4023 | 0.00 | — | 0.01 | May 3, 2012 | Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682. | |||
| CVE-2011-4022 | 0.00 | — | 0.01 | May 3, 2012 | The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that exceed the configured limit, aka Bug ID CSCto51204. | |||
| CVE-2011-4019 | 0.00 | — | 0.01 | May 3, 2012 | Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883. | |||
| CVE-2012-0362 | 0.00 | — | 0.01 | May 2, 2012 | The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time keyword, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending network traffic, aka Bug ID CSCts01106. | |||
| CVE-2012-0361 | 0.00 | — | 0.01 | May 2, 2012 | The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager (CUCM), which allows remote attackers to cause a denial of service via vectors that trigger (1) on hook and (2) off hook… | |||
| CVE-2012-0339 | 0.00 | — | 0.01 | May 2, 2012 | Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish TELNET connections from arbitrary source IP addresses via a standard TELNET client, aka Bug ID CSCsi77774. | |||
| CVE-2012-0338 | 0.00 | — | 0.01 | May 2, 2012 | Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary source IP addresses via a standard SSH client, aka Bug ID CSCsv86113. | |||
| CVE-2012-0337 | 0.00 | — | 0.01 | May 2, 2012 | SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939. | |||
| CVE-2012-0335 | 0.00 | — | 0.02 | May 2, 2012 | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote attackers to obtain sensitive information via a connection attempt, aka Bug ID… | |||
| CVE-2012-0333 | 0.00 | — | 0.01 | May 2, 2012 | Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768. | |||
| CVE-2011-4016 | 0.00 | — | 0.01 | May 2, 2012 | The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when Point-to-Point Termination and Aggregation (PTA) and L2TP are used, allows remote attackers to cause a denial of service (device crash) via crafted network traffic, aka Bug ID CSCtf71673. | |||
| CVE-2011-4015 | 0.00 | — | 0.01 | May 2, 2012 | Cisco IOS 15.2S allows remote attackers to cause a denial of service (interface queue wedge) via malformed UDP traffic on port 465, aka Bug ID CSCts48300. | |||
| CVE-2011-4014 | 0.00 | — | 0.01 | May 2, 2012 | The TAC Case Attachment tool in Cisco Wireless Control System (WCS) 7.0 allows remote authenticated users to read arbitrary files under webnms/Temp/ via unspecified vectors, aka Bug ID CSCtq86807. | |||
| CVE-2011-4012 | 0.00 | — | 0.01 | May 2, 2012 | Cisco IOS 12.0, 15.0, and 15.1, when a Policy Feature Card 3C (PFC3C) is used, does not create a fragment entry during processing of an ICMPv6 ACL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtj90091. | |||
| CVE-2011-4007 | 0.00 | — | 0.01 | May 2, 2012 | Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the "set mpls experimental imposition" command, which allows remote attackers to cause a denial of service (device crash) via network traffic that triggers (1) fragmentation or (2) reassembly, aka Bug ID CSCtr56576. | |||
| CVE-2011-4006 | 0.00 | — | 0.01 | May 2, 2012 | The ESMTP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.5 allows remote attackers to cause a denial of service (CPU consumption) via an unspecified closing sequence, aka Bug ID CSCtt32565. | |||
| CVE-2011-3317 | 0.00 | — | 0.01 | May 2, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192. | |||
| CVE-2011-3309 | 0.00 | — | 0.01 | May 2, 2012 | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 process IKE requests despite a vpnclient mode configuration, which allows remote attackers to obtain potentially sensitive information by reading IKE responder traffic, aka Bug ID… | |||
| CVE-2011-3295 | 0.00 | — | 0.02 | May 2, 2012 | The NETIO and IPV4_IO processes in Cisco IOS XR 3.8 through 4.1, as used in Cisco Carrier Routing System and other products, allow remote attackers to cause a denial of service (CPU consumption) via crafted network traffic, aka Bug ID CSCti59888. | |||
| CVE-2011-3293 | 0.00 | — | 0.01 | May 2, 2012 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID… | |||
| CVE-2011-3289 | 0.00 | — | 0.00 | May 2, 2012 | Cisco IOS 12.4 and 15.0 through 15.2 allows physically proximate attackers to bypass the No Service Password-Recovery feature and read the start-up configuration via unspecified vectors, aka Bug ID CSCtr97640. | |||
| CVE-2011-3285 | 0.00 | — | 0.02 | May 2, 2012 | CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors, aka Bug… | |||
| CVE-2011-3283 | 0.00 | — | 0.02 | May 2, 2012 | Cisco Carrier Routing System 3.9.1 allows remote attackers to cause a denial of service (Metro subsystem crash) via a fragmented GRE packet, aka Bug ID CSCts14887. | |||
| CVE-2011-2586 | 0.00 | — | 0.01 | May 2, 2012 | The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote attackers to cause a denial of service (device crash) via a malformed HTTP response to a request for service installation, aka Bug ID CSCts12249. | |||
| CVE-2011-2583 | 0.00 | — | 0.02 | May 2, 2012 | Cisco Unified Contact Center Express (aka CCX) 8.0 and 8.5 allows remote attackers to cause a denial of service via network traffic, as demonstrated by an SEC-BE-STABLE test case, aka Bug ID CSCth33834. | |||
| CVE-2011-2578 | 0.00 | — | 0.03 | May 2, 2012 | Memory leak in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption) via malformed SIP packets on a NAT interface, aka Bug ID CSCts12366. | |||
| CVE-2012-1336 | 0.00 | — | 0.05 | Apr 5, 2012 | Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than… | |||
| CVE-2012-1335 | 0.00 | — | 0.04 | Apr 5, 2012 | Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than… |