Cisco Systems, Inc.

All CVEs

7,231 total · sorted by risk
  • CVE-2016-6358 · High · Oct 28, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application unexpectedly quits. More Information: CSCux68539. Known Affected Releases:…

  • CVE-2016-6357 · High · Oct 28, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More…

  • CVE-2016-6356 · High · Oct 28, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS)…

  • CVE-2016-1486 · High · Oct 28, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and…

  • CVE-2016-1481 · High · Oct 28, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Affected Products: This vulnerability affects…

  • CVE-2016-1480 · High · Oct 28, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device.…

  • CVE-2016-6446 · High · Oct 27, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0.

  • CVE-2016-6439 · High · Oct 27, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Software before 6.0.1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is…

  • CVE-2016-6431 · High · Oct 27, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software before 9.6(1.5) could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper handling of crafted packets during the enrollment…

  • CVE-2016-6422 · High · Oct 6, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    Cisco IOS 12.2(33)SXJ9 on Supervisor Engine 32 and 720 modules for 6500 and 7600 devices mishandles certain operators, flags, and keywords in TCAM share ACLs, which allows remote attackers to bypass intended access restrictions by sending packets that should have been recognized…

  • CVE-2015-6393 · High · Oct 6, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via malformed IPv4 DHCP packets to the DHCPv4 relay agent, aka Bug IDs…

  • CVE-2015-6392 · High · Oct 6, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or (2) smart relay agent, aka Bug…

  • CVE-2016-6426 · High · Oct 5, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs…

  • CVE-2016-6393 · High · Oct 5, 2016
    risk 0.49 · cvss 7.5 · epss 0.05

    The AAA service in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.1 through 3.18 and 16.2 allows remote attackers to cause a denial of service (device reload) via a failed SSH connection attempt that is mishandled during generation of an error-log message, aka…

  • CVE-2016-6391 · High · Oct 5, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco IOS 12.2 and 15.0 through 15.3 allows remote attackers to cause a denial of service (traffic-processing outage) via a crafted series of Common Industrial Protocol (CIP) requests, aka Bug ID CSCur69036.

  • CVE-2016-6385 · High · Oct 5, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    Memory leak in the Smart Install client implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.2 through 3.8 allows remote attackers to cause a denial of service (memory consumption) via crafted image-list parameters, aka Bug ID CSCuy82367.

  • CVE-2016-6379 · High · Oct 5, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    Cisco IOS 12.2 and IOS XE 3.14 through 3.16 and 16.1 allow remote attackers to cause a denial of service (device reload) via crafted IP Detail Record (IPDR) packets, aka Bug ID CSCuu35089.

  • CVE-2016-6378 · High · Oct 5, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco IOS XE 3.1 through 3.17 and 16.1 through 16.2 allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets that require NAT, aka Bug ID CSCuw85853.

  • CVE-2016-1455 · High · Oct 5, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco NX-OS before 7.0(3)I2(2e) and 7.0(3)I4 before 7.0(3)I4(1) has an incorrect iptables local-interface configuration, which allows remote attackers to obtain sensitive information via TCP or UDP traffic, aka Bug ID CSCuz05365.

  • CVE-2016-6392 · High · Oct 5, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.1 through 3.9 allow remote attackers to cause a denial of service (device restart) via a crafted IPv4 Multicast Source Discovery Protocol (MSDP) Source-Active (SA) message, aka Bug ID CSCud36767.

  • CVE-2016-6386 · High · Oct 5, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    Cisco IOS XE 3.1 through 3.17 and 16.1 on 64-bit platforms allows remote attackers to cause a denial of service (data-structure corruption and device reload) via fragmented IPv4 packets, aka Bug ID CSCux66005.

  • CVE-2016-6384 · High · Oct 5, 2016
    risk 0.49 · cvss 7.5 · epss 0.04

    Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257.

  • CVE-2016-6382 · High · Oct 5, 2016
    risk 0.49 · cvss 7.5 · epss 0.05

    Cisco IOS 15.2 through 15.6 and IOS XE 3.6 through 3.17 and 16.1 allow remote attackers to cause a denial of service (device restart) via a malformed IPv6 Protocol Independent Multicast (PIM) register packet, aka Bug ID CSCuy16399.

  • CVE-2016-6381 · High · Oct 5, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    Cisco IOS 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.18 and 16.1 allow remote attackers to cause a denial of service (memory consumption or device reload) via fragmented IKEv1 packets, aka Bug ID CSCuy47382.

  • CVE-2016-6419 · High · Oct 5, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485.

  • CVE-2016-6411 · High · Sep 24, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585.

  • CVE-2016-6409 · High · Sep 24, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    The Data in Motion (DMo) component in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service (out-of-bounds access) via crafted traffic, aka Bug ID CSCuy54015.

  • CVE-2016-6408 · High · Sep 24, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCvb17814.

  • CVE-2016-1483 · High · Sep 19, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco WebEx Meetings Server 2.6 allows remote attackers to cause a denial of service (CPU consumption) by repeatedly accessing the account-validation component of an unspecified service, aka Bug ID CSCuy92704.

  • CVE-2016-6407 · High · Sep 17, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (link saturation) by making many HTTP requests for overlapping byte ranges simultaneously, aka Bug ID CSCuz27219.

  • CVE-2016-6399 · High · Sep 12, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE 4700 Application Control Engine appliances through A5 3.3 allow remote attackers to cause a denial of service (device reload) via crafted (1) SSL or (2) TLS packets, aka Bug ID CSCvb16317.

  • CVE-2016-6371 · High · Sep 12, 2016
    risk 0.49 · cvss 7.5 · epss 0.05

    Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717.

  • CVE-2016-1469 · High · Sep 12, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385.

  • CVE-2016-1472 · High · Sep 2, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    The web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to cause a denial of service (interface outage) via a crafted HTTP request, aka Bug ID CSCuz76238.

  • CVE-2016-6364 · High · Aug 23, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855.

  • CVE-2016-6355 · High · Aug 23, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR 9001 devices allows remote attackers to cause a denial of service (control-plane protocol outage) via crafted fragmented packets, aka Bug ID CSCux26791.

  • CVE-2016-1484 · High · Aug 23, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass intended access restrictions and obtain sensitive application information via unspecified vectors, aka Bug ID CSCuy92724.

  • CVE-2016-1479 · High · Aug 22, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038.

  • CVE-2016-1478 · High · Aug 8, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco IOS 15.5(3)S3, 15.6(1)S2, 15.6(2)S1, and 15.6(2)T1 does not properly dequeue invalid NTP packets, which allows remote attackers to cause a denial of service (interface wedge) by sending many crafted NTP packets, aka Bug ID CSCva35619.

  • CVE-2016-1466 · High · Aug 8, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1, and 11.5(1) allows remote attackers to cause a denial of service (sipd process restart) via crafted headers in a SIP packet, aka Bug ID…

  • CVE-2016-1429 · High · Aug 8, 2016
    risk 0.49 · cvss 7.5 · epss 0.07

    Directory traversal vulnerability in the web interface on Cisco RV180 and RV180W devices allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuz43023.

  • CVE-2016-1461 · High · Aug 1, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco AsyncOS on Email Security Appliance (ESA) devices through 9.7.0-125 allows remote attackers to bypass malware detection via a crafted attachment in an e-mail message, aka Bug ID CSCuz14932.

  • CVE-2016-1463 · High · Jul 28, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737.

  • CVE-2016-1450 · High · Jul 15, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    Cisco WebEx Meetings Server 2.6 allows remote authenticated users to conduct command-injection attacks via vectors related to an upload's file type, aka Bug ID CSCuy92715.

  • CVE-2016-1426 · High · Jul 15, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attackers to cause a denial of service (timer consumption and Route Processor reload) via crafted SSH traffic, aka Bug ID CSCux76819.

  • CVE-2016-1438 · High · Jun 23, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210.

  • CVE-2016-1436 · High · Jun 23, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID…

  • CVE-2015-6289 · High · Jun 23, 2016
    risk 0.49 · cvss 7.5 · epss 0.04

    Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476.

  • CVE-2016-1427 · High · Jun 18, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694.

  • CVE-2016-1421 · High · Jun 10, 2016
    risk 0.49 · cvss 7.5 · epss 0.04

    A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the…
