VYPR

Vendor CVEs

Cisco Systems, Inc.

All CVEs

7,231 total · sorted by risk
  • CVE-2008-2636Jun 10, 2008
    risk 0.00cvss epss 0.03

    The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 allows remote attackers to cause a denial of service (management interface outage) or possibly execute arbitrary code via a URI that begins with a "/./" sequence, contains many instances of a "front_page"…

  • CVE-2008-2055Jun 4, 2008
    risk 0.00cvss epss 0.02

    Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.1.x before 7.1(2)70, 7.2.x before 7.2(4), and 8.0.x before 8.0(3)10 allows remote attackers to cause a denial of service via a crafted TCP ACK packet to the device interface.

  • CVE-2008-2059Jun 4, 2008
    risk 0.00cvss epss 0.02

    Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 allows remote attackers to bypass control-plane ACLs for the device via unknown vectors.

  • CVE-2008-2056Jun 4, 2008
    risk 0.00cvss epss 0.02

    Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 and 8.1.x before 8.1(1)1 allows remote attackers to cause a denial of service (device reload) via a crafted Transport Layer Security (TLS) packet to the device interface.

  • CVE-2008-2058Jun 4, 2008
    risk 0.00cvss epss 0.02

    Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(3)2 and 8.0.x before 8.0(2)17 allows remote attackers to cause a denial of service (device reload) via a port scan against TCP port 443 on the device.

  • CVE-2008-2057Jun 4, 2008
    risk 0.00cvss epss 0.03

    The Instant Messenger (IM) inspection engine in Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(4), 8.0.x before 8.0(3)10, and 8.1.x before 8.1(1)2 allows remote attackers to cause a denial of service via a crafted packet.

  • CVE-2008-2054May 29, 2008
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 through 3.1.1 allows remote attackers to execute arbitrary code on a client machine via unknown vectors.

  • CVE-2008-0536May 22, 2008
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) 3.0.x before 3.0.7 and 3.1.x before 3.1.0, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (management interface outage) via SSH traffic that…

  • CVE-2008-0534May 22, 2008
    risk 0.00cvss epss 0.04

    The SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device restart or daemon outage) via a high rate of login attempts, aka Bug ID CSCsi68582.

  • CVE-2008-1159May 22, 2008
    risk 0.00cvss epss 0.03

    Multiple unspecified vulnerabilities in the SSH server in Cisco IOS 12.4 allow remote attackers to cause a denial of service (device restart) via unknown vectors, aka Bug ID (1) CSCsk42419, (2) CSCsk60020, and (3) CSCsh51293.

  • CVE-2008-2053May 22, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Cisco Unified Customer Voice Portal (CVP) 4.0.x before 4.0(2)_ES14, 4.1.x before 4.1(1)_ES11, and 7.x before 7.0(1) allows remote authenticated users with administrator role privileges to create, modify, or delete a superuser account.

  • CVE-2008-0535May 22, 2008
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device instability) via "SSH credentials that attempt to change the…

  • CVE-2008-1746May 16, 2008
    risk 0.00cvss epss 0.02

    The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (core dump and service restart) via a series of…

  • CVE-2008-1744May 16, 2008
    risk 0.00cvss epss 0.01

    The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID…

  • CVE-2008-1742May 16, 2008
    risk 0.00cvss epss 0.01

    Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as…

  • CVE-2008-1743May 16, 2008
    risk 0.00cvss epss 0.01

    Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed…

  • CVE-2008-1745May 16, 2008
    risk 0.00cvss epss 0.02

    Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115.

  • CVE-2008-2165May 16, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

  • CVE-2008-1740May 16, 2008
    risk 0.00cvss epss 0.02

    The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via an unspecified "stress test," aka Bug ID CSCsh20972.

  • CVE-2008-1748May 16, 2008
    risk 0.00cvss epss 0.02

    Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service interruption) via a SIP INVITE…

  • CVE-2008-1747May 16, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Cisco Unified Communications Manager 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (CCM service restart) via an unspecified SIP INVITE…

  • CVE-2008-1741May 16, 2008
    risk 0.00cvss epss 0.02

    The SIP Proxy (SIPD) service in Cisco Unified Presence before 6.0(3) allows remote attackers to cause a denial of service (core dump and service interruption) via a TCP port scan, aka Bug ID CSCsj64533.

  • CVE-2008-1158May 16, 2008
    risk 0.00cvss epss 0.02

    The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164.

  • CVE-2008-1749May 14, 2008
    risk 0.00cvss epss 0.02

    Memory leak in Cisco Content Switching Module (CSM) 4.2(3) up to 4.2(8) and Cisco Content Switching Module with SSL (CSM-S) 2.1(2) up to 2.1(7) allows remote attackers to cause a denial of service (memory consumption) via TCP segments with an unspecified combination of TCP flags.

  • CVE-2008-1155Apr 16, 2008
    risk 0.00cvss epss 0.03

    Cisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before 3.6.4.4, 4.0.x before 4.0.6, and 4.1.x before 4.1.2 allows remote attackers to obtain the shared secret for the Clean Access Server (CAS) and Clean Access Manager (CAM) by sniffing error logs.

  • CVE-2008-1154Apr 4, 2008
    risk 0.00cvss epss 0.05

    The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for…

  • CVE-2008-1150Mar 27, 2008
    risk 0.00cvss epss 0.02

    The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) data structures after process…

  • CVE-2008-1152Mar 27, 2008
    risk 0.00cvss epss 0.04

    The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2) IP protocol 91 packets.

  • CVE-2008-1151Mar 27, 2008
    risk 0.00cvss epss 0.02

    Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated after process termination, aka…

  • CVE-2008-1153Mar 27, 2008
    risk 0.00cvss epss 0.06

    Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device.

  • CVE-2008-1156Mar 27, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree (MDT) Data Join message.

  • CVE-2008-0537Mar 27, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial…

  • CVE-2007-6707Mar 13, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-3574.

  • CVE-2007-6708Mar 13, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated…

  • CVE-2007-6709Mar 13, 2008
    risk 0.00cvss epss 0.02

    The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access.

  • CVE-2008-1113Mar 3, 2008
    risk 0.00cvss epss 0.01

    Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.

  • CVE-2008-0527Feb 15, 2008
    risk 0.00cvss epss 0.02

    The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a crafted HTTP request.

  • CVE-2008-0526Feb 15, 2008
    risk 0.00cvss epss 0.02

    Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a long ICMP echo request (ping) packet.

  • CVE-2008-0531Feb 15, 2008
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote SIP servers to execute arbitrary code via a crafted challenge/response message.

  • CVE-2008-0529Feb 15, 2008
    risk 0.00cvss epss 0.05

    Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G running SCCP firmware might allow remote authenticated users to execute arbitrary code via a crafted command.

  • CVE-2008-0528Feb 15, 2008
    risk 0.00cvss epss 0.05

    Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote attackers to execute arbitrary code via a SIP message with crafted MIME data.

  • CVE-2008-0530Feb 15, 2008
    risk 0.00cvss epss 0.05

    Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP and SIP firmware might allow remote attackers to execute arbitrary code via a crafted DNS response.

  • CVE-2008-0029Jan 23, 2008
    risk 0.00cvss epss 0.02

    Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges.

  • CVE-2008-0028Jan 23, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a…

  • CVE-2007-5584Dec 20, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.2(3) allows remote attackers to cause a denial of service (device reload) via crafted "data in the control-plane path with Layer 7 Application Inspections."

  • CVE-2007-5582Dec 15, 2007
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2007-6190Nov 30, 2007
    risk 0.00cvss epss 0.01

    The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL…

  • CVE-2007-5581Nov 8, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters.

  • CVE-2007-5651Oct 23, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Extensible Authentication Protocol (EAP) implementation in Cisco IOS 12.3 and 12.4 on Cisco Access Points and 1310 Wireless Bridges (Wireless EAP devices), IOS 12.1 and 12.2 on Cisco switches (Wired EAP devices), and CatOS 6.x through 8.x on…

  • CVE-2007-5571Oct 18, 2007
    risk 0.00cvss epss 0.02

    Cisco Firewall Services Module (FWSM) 3.1(6), and 3.2(2) and earlier, does not properly enforce edited ACLs, which might allow remote attackers to bypass intended restrictions on network traffic, aka CSCsj52536.

Page 137 of 145