Cisco Systems, Inc.

All CVEs

7,231 total · sorted by risk
  • CVE-2016-1405 · High · Jun 8, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial…

  • CVE-2016-1409 · High · May 29, 2016
    risk 0.49 · cvss 7.5 · epss 0.04

    The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as…

  • CVE-2016-1404 · High · May 29, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic…

  • CVE-2016-1410 · High · May 28, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312.

  • CVE-2016-1407 · High · May 25, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services (LPTS) flow-base entries, which allows remote attackers to cause a denial of service (session drop) by making many connection attempts to open TCP ports, aka Bug ID CSCux95576.

  • CVE-2016-1400 · High · May 25, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7.2 allows remote attackers to cause a denial of service (service disruption) via a crafted URI in a SIP header, aka Bug ID CSCuy43258.

  • CVE-2016-1383 · High · May 25, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an unspecified HTTP status code, aka Bug ID CSCur28305.

  • CVE-2016-1382 · High · May 25, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance (WSA) devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service (proxy-process reload) via a crafted request, aka Bug ID CSCuu02529.

  • CVE-2016-1381 · High · May 25, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an HTTP file-range request for cached content, aka Bug ID CSCuw97270.

  • CVE-2016-1380 · High · May 25, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (proxy-process hang) via a crafted HTTP POST request, aka Bug ID CSCuo12171.

  • CVE-2016-1402 · High · May 21, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication…

  • CVE-2016-1399 · High · May 14, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2, and 15.2(4)EA on Industrial Ethernet 4000 devices and 15.2(2)EB and 15.2(2)EB1 on Industrial Ethernet 5000 devices allows remote attackers to cause a denial of service (packet data corruption) via…

  • CVE-2016-1369 · High · May 5, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module for Cisco ASA with FirePOWER Services 5.3.1 through 6.0.0 misconfigures kernel logging, which allows remote attackers to cause a denial of service (resource consumption, and…

  • CVE-2016-1368 · High · May 5, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these appliances, allows remote attackers to cause a denial of service (packet-processing…

  • CVE-2016-1386 · High · Apr 28, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521.

  • CVE-2016-1367 · High · Apr 21, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    The DHCPv6 relay implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 allows remote attackers to cause a denial of service (device reload) via crafted DHCPv6 packets, aka Bug ID CSCus23248.

  • CVE-2016-1364 · High · Apr 21, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco Wireless LAN Controller (WLC) Software 7.4 before 7.4.130.0(MD) and 7.5, 7.6, and 8.0 before 8.0.110.0(ED) allows remote attackers to cause a denial of service (device reload) via crafted Bonjour traffic, aka Bug ID CSCur66908.

  • CVE-2016-1362 · High · Apr 21, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco AireOS 4.1 through 7.4.120.0, 7.5.x, and 7.6.100.0 on Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCun86747.

  • CVE-2015-6360 · High · Apr 21, 2016
    risk 0.49 · cvss 7.5 · epss 0.08

    The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.

  • CVE-2016-1384 · High · Apr 20, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 through 3.17 allows remote attackers to modify the system time via crafted packets, aka Bug ID CSCux46898.

  • CVE-2015-6313 · High · Apr 6, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP…

  • CVE-2015-6312 · High · Apr 6, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) 8710, Multiparty Media 310 and 320, and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (device reload) via malformed STUN packets, aka Bug ID CSCuv01348.

  • CVE-2016-1345 · High · Apr 1, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726.

  • CVE-2016-1351 · High · Mar 26, 2016
    risk 0.49 · cvss 7.5 · epss 0.04

    The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.1 and 15.2 and NX-OS 4.1 through 6.2 allows remote attackers to cause a denial of service (device reload) via a crafted header in a packet, aka Bug ID CSCuu64279.

  • CVE-2016-1350 · High · Mar 26, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293.

  • CVE-2016-1349 · High · Mar 26, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410.

  • CVE-2016-1348 · High · Mar 26, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821.

  • CVE-2016-1347 · High · Mar 24, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 through 15.5 allows remote attackers to cause a denial of service (device reload) via a crafted TCP segment, aka Bug ID CSCuq59708.

  • CVE-2016-1326 · High · Mar 9, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    The administration interface on Cisco DPQ3925 devices with firmware r1 allows remote attackers to cause a denial of service (device restart) via a crafted HTTP request, aka Bug ID CSCup48105.

  • CVE-2016-1325 · High · Mar 9, 2016
    risk 0.49 · cvss 7.5 · epss 0.04

    The administration interface on Cisco DPC3939B and DPC3941 devices allows remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCus49506.

  • CVE-2016-1312 · High · Mar 9, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    The HTTPS inspection engine in the Content Security and Control Security Services Module (CSC-SSM) 6.6 before 6.6.1164.0 for Cisco ASA 5500 devices allows remote attackers to cause a denial of service (memory consumption or device reload) via a flood of HTTPS packets, aka Bug ID…

  • CVE-2015-6260 · High · Mar 3, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645.

  • CVE-2015-0718 · High · Mar 3, 2016
    risk 0.49 · cvss 7.5 · epss 0.04

    Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session,…

  • CVE-2016-1335 · High · Feb 19, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint…

  • CVE-2016-1322 · High · Feb 12, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    The REST interface in Cisco Spark 2015-07-04 allows remote attackers to bypass intended access restrictions and create arbitrary user accounts via unspecified web requests, aka Bug ID CSCuv72584.

  • CVE-2016-1315 · High · Feb 12, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    The proxy engine in Cisco Advanced Malware Protection (AMP), when used with Email Security Appliance (ESA) 9.5.0-201, 9.6.0-051, and 9.7.0-125, allows remote attackers to bypass intended content restrictions via a malformed e-mail message containing an encoded file, aka Bug ID…

  • CVE-2015-6398 · High · Feb 7, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512.

  • CVE-2016-1303 · High · Jan 30, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330.

  • CVE-2015-6421 · High · Jan 27, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices 5.x before 5.3.5d and 5.4 and 5.5 before 5.5.3 allows remote attackers to cause a denial of service (resource consumption and device reload) via crafted…

  • CVE-2016-1296 · High · Jan 20, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848.

  • CVE-2015-6320 · High · Jan 15, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    The IP ingress packet handler on Cisco Aironet 1800 devices with software 8.1(112.3) and 8.1(112.4) allows remote attackers to cause a denial of service via a crafted header in an IP packet, aka Bug ID CSCuv63138.

  • CVE-2015-6432 · High · Jan 5, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service (device reload) via a crafted…

  • CVE-2012-0382 · High · Mar 29, 2012
    risk 0.49 · cvss 7.5 · epss 0.04

    The Multicast Source Discovery Protocol (MSDP) implementation in Cisco IOS 12.0, 12.2 through 12.4, and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.1S and 3.1.xSG and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of…

  • CVE-2012-0381 · High · Mar 29, 2012
    risk 0.49 · cvss 7.5 · epss 0.04

    The IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) by sending…

  • CVE-2011-2058 · High · Oct 22, 2011
    risk 0.49 · cvss 7.5 · epss 0.02

    The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle an external loop between a pair of dot1x enabled ports, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors that trigger many unicast EAPoL…

  • CVE-2011-2057 · High · Oct 22, 2011
    risk 0.49 · cvss 7.5 · epss 0.02

    The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle (1) a loop between a dot1x enabled port and an open-authentication dot1x enabled port and (2) a loop between a dot1x enabled port and a non-dot1x port, which allows remote attackers to…

  • CVE-2011-1640 · High · Oct 22, 2011
    risk 0.49 · cvss 7.5 · epss 0.02

    The ethernet-lldp component in Cisco IOS 12.2 before 12.2(33)SXJ1 does not properly support a large number of LLDP Management Address (MA) TLVs, which allows remote attackers to cause a denial of service (device crash) via crafted LLDPDUs, aka Bug ID CSCtj22354.

  • CVE-2011-3288 · High · Oct 6, 2011
    risk 0.49 · cvss 7.5 · epss 0.02

    Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity…

  • CVE-2011-3280 · High · Oct 3, 2011
    risk 0.49 · cvss 7.5 · epss 0.02

    Memory leak in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted SIP packets to UDP port 5060, aka Bug ID CSCtj04672.

  • CVE-2008-4390 · High · Dec 9, 2008
    risk 0.49 · cvss 7.5 · epss 0.03

    The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network.