VYPR

Vendor CVEs

Cisco Systems, Inc.

All CVEs

7,231 total · sorted by risk
  • CVE-2012-0384HigMar 29, 2012
    risk 0.47cvss 7.2epss 0.04

    Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to…

  • CVE-2026-28941HigMay 11, 2026
    risk 0.46cvss 7.1epss 0.00

    The issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Tahoe 26.5. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.

  • CVE-2026-20641HigFeb 11, 2026
    risk 0.46cvss 7.1epss 0.00

    A privacy issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to identify what other apps…

  • CVE-2026-20628HigFeb 11, 2026
    risk 0.46cvss 7.1epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to break out of…

  • CVE-2026-20617HigFeb 11, 2026
    risk 0.46cvss 7.0epss 0.00

    A race condition was addressed with improved state handling. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to gain root privileges.

  • CVE-2026-20606HigFeb 11, 2026
    risk 0.46cvss 7.1epss 0.00

    This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to bypass certain Privacy preferences.

  • CVE-2025-43338HigNov 4, 2025
    risk 0.46cvss 7.1epss 0.00

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26 and iPadOS 26, macOS Sonoma 14.8.2, macOS Sonoma 14.8.4, macOS Tahoe 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process…

  • CVE-2025-20317HigAug 27, 2025
    risk 0.46cvss 7.1epss 0.00

    A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website. This vulnerability is due to insufficient verification…

  • CVE-2025-43224HigJul 30, 2025
    risk 0.46cvss 7.1epss 0.00

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

  • CVE-2025-43221HigJul 30, 2025
    risk 0.46cvss 7.1epss 0.00

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

  • CVE-2025-31219HigMay 12, 2025
    risk 0.46cvss 7.1epss 0.01

    The issue was addressed with improved memory handling. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. An attacker may be able to cause unexpected system…

  • CVE-2025-24257HigMar 31, 2025
    risk 0.46cvss 7.1epss 0.00

    An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. An app may be able to cause unexpected system termination or write kernel memory.

  • CVE-2025-24209HigMar 31, 2025
    risk 0.46cvss 7.0epss 0.01

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2018-0092HigJan 18, 2018
    risk 0.46cvss 7.1epss 0.00

    A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to improperly delete valid user accounts. The network-operator role should not be able to delete other configured users on the device.…

  • CVE-2017-12215HigSep 21, 2017
    risk 0.46cvss 7.1epss 0.02

    A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system…

  • CVE-2017-6767HigAug 17, 2017
    risk 0.46cvss 7.1epss 0.01

    A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be granted the privileges of the last user to log in, regardless of whether those…

  • CVE-2017-6728HigJul 10, 2017
    risk 0.46cvss 7.0epss 0.00

    A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary code at the root privilege level on an affected system, because of Incorrect Permissions. More Information: CSCvb99389. Known Affected Releases: 6.2.1.BASE.…

  • CVE-2017-6625HigMay 3, 2017
    risk 0.46cvss 7.1epss 0.02

    A "Cisco Firepower Threat Defense 6.0.0 through 6.2.2 and Cisco ASA with FirePOWER Module Denial of Service" vulnerability in the access control policy of Cisco Firepower System Software could allow an authenticated, remote attacker to cause an affected system to stop inspecting…

  • CVE-2017-6601HigApr 7, 2017
    risk 0.46cvss 7.1epss 0.01

    A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More…

  • CVE-2016-1435HigJun 23, 2016
    risk 0.46cvss 7.0epss 0.00

    Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014.

  • CVE-2016-1393HigMay 12, 2016
    risk 0.46cvss 7.1epss 0.01

    SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175.

  • CVE-2016-1360HigMar 12, 2016
    risk 0.46cvss 7.1epss 0.00

    Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers' installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390.

  • CVE-2026-20171MedMay 20, 2026
    risk 0.44cvss 6.8epss 0.00

    A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to trigger BGP peer flaps, resulting in a…

  • CVE-2026-20025MedMar 4, 2026
    risk 0.44cvss 6.8epss 0.00

    A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To exploit this vulnerability, the attacker…

  • CVE-2026-20024MedMar 4, 2026
    risk 0.44cvss 6.8epss 0.00

    A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To exploit this vulnerability, the attacker…

  • CVE-2026-20020MedMar 4, 2026
    risk 0.44cvss 6.8epss 0.00

    A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. If OSPF authentication is enabled, the…

  • CVE-2026-20050MedMar 4, 2026
    risk 0.44cvss 6.8epss 0.00

    A vulnerability in the Do Not Decrypt exclusion feature of the SSL decryption feature of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability…

  • CVE-2026-20099MedFeb 25, 2026
    risk 0.44cvss 6.7epss 0.01

    A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges…

  • CVE-2025-20314MedSep 24, 2025
    risk 0.44cvss 6.7epss 0.00

    A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute persistent code at boot time and break the chain of trust. This vulnerability is…

  • CVE-2025-20313MedSep 24, 2025
    risk 0.44cvss 6.7epss 0.00

    Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. These…

  • CVE-2025-31228MedMay 12, 2025
    risk 0.44cvss 6.8epss 0.00

    The issue was addressed with improved authentication. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. An attacker with physical access to a device may be able to access notes from the lock screen.

  • CVE-2021-34752MedNov 15, 2024
    risk 0.44cvss 6.7epss 0.00

    A vulnerability in the CLI of Cisco FTD Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands with root privileges on the underlying operating system of an affected device. This vulnerability is due to…

  • CVE-2024-20413MedAug 28, 2024
    risk 0.44cvss 6.7epss 0.00

    A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to elevate privileges to network-admin on an affected device. This vulnerability is due to insufficient security restrictions when executing…

  • CVE-2024-20411MedAug 28, 2024
    risk 0.44cvss 6.7epss 0.00

    A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code as root on an affected device. This vulnerability is due to insufficient security restrictions when executing commands…

  • CVE-2018-15428MedOct 5, 2018
    risk 0.44cvss 6.8epss 0.02

    A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP update…

  • CVE-2018-15399MedOct 5, 2018
    risk 0.44cvss 6.8epss 0.02

    A vulnerability in the TCP syslog module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service…

  • CVE-2018-15397MedOct 5, 2018
    risk 0.44cvss 6.8epss 0.01

    A vulnerability in the implementation of Traffic Flow Confidentiality (TFC) over IPsec functionality in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device…

  • CVE-2018-15396MedOct 5, 2018
    risk 0.44cvss 6.8epss 0.02

    A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not…

  • CVE-2018-15390MedOct 5, 2018
    risk 0.44cvss 6.8epss 0.01

    A vulnerability in the FTP inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected…

  • CVE-2018-15376MedOct 5, 2018
    risk 0.44cvss 6.7epss 0.00

    A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The…

  • CVE-2018-15375MedOct 5, 2018
    risk 0.44cvss 6.7epss 0.00

    A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The…

  • CVE-2018-15374MedOct 5, 2018
    risk 0.44cvss 6.7epss 0.00

    A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulnerability is due to the affected software improperly verifying digital signatures…

  • CVE-2018-15371MedOct 5, 2018
    risk 0.44cvss 6.7epss 0.00

    A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has…

  • CVE-2018-15370MedOct 5, 2018
    risk 0.44cvss 6.8epss 0.00

    A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due…

  • CVE-2018-15369MedOct 5, 2018
    risk 0.44cvss 6.8epss 0.02

    A vulnerability in the TACACS+ client subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling…

  • CVE-2018-15368MedOct 5, 2018
    risk 0.44cvss 6.7epss 0.00

    A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected…

  • CVE-2018-0481MedOct 5, 2018
    risk 0.44cvss 6.7epss 0.00

    A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes…

  • CVE-2018-0477MedOct 5, 2018
    risk 0.44cvss 6.7epss 0.00

    A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes…

  • CVE-2018-0469MedOct 5, 2018
    risk 0.44cvss 6.8epss 0.03

    A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are…

  • CVE-2018-0428MedAug 15, 2018
    risk 0.44cvss 6.7epss 0.00

    A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is due to improper…

Page 18 of 145