VYPR

Vendor CVEs

Cisco Systems, Inc.

All CVEs

7,228 total · sorted by risk
  • CVE-2015-6393HigOct 6, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via malformed IPv4 DHCP packets to the DHCPv4 relay agent, aka Bug IDs…

  • CVE-2015-6392HigOct 6, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or (2) smart relay agent, aka Bug…

  • CVE-2016-6426HigOct 5, 2016
    risk 0.49cvss 7.5epss 0.01

    The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs…

  • CVE-2016-6393HigOct 5, 2016
    risk 0.49cvss 7.5epss 0.05

    The AAA service in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.1 through 3.18 and 16.2 allows remote attackers to cause a denial of service (device reload) via a failed SSH connection attempt that is mishandled during generation of an error-log message, aka…

  • CVE-2016-6391HigOct 5, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco IOS 12.2 and 15.0 through 15.3 allows remote attackers to cause a denial of service (traffic-processing outage) via a crafted series of Common Industrial Protocol (CIP) requests, aka Bug ID CSCur69036.

  • CVE-2016-6385HigOct 5, 2016
    risk 0.49cvss 7.5epss 0.03

    Memory leak in the Smart Install client implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.2 through 3.8 allows remote attackers to cause a denial of service (memory consumption) via crafted image-list parameters, aka Bug ID CSCuy82367.

  • CVE-2016-6379HigOct 5, 2016
    risk 0.49cvss 7.5epss 0.03

    Cisco IOS 12.2 and IOS XE 3.14 through 3.16 and 16.1 allow remote attackers to cause a denial of service (device reload) via crafted IP Detail Record (IPDR) packets, aka Bug ID CSCuu35089.

  • CVE-2016-6378HigOct 5, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco IOS XE 3.1 through 3.17 and 16.1 through 16.2 allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets that require NAT, aka Bug ID CSCuw85853.

  • CVE-2016-1455HigOct 5, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco NX-OS before 7.0(3)I2(2e) and 7.0(3)I4 before 7.0(3)I4(1) has an incorrect iptables local-interface configuration, which allows remote attackers to obtain sensitive information via TCP or UDP traffic, aka Bug ID CSCuz05365.

  • CVE-2016-6392HigOct 5, 2016
    risk 0.49cvss 7.5epss 0.03

    Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.1 through 3.9 allow remote attackers to cause a denial of service (device restart) via a crafted IPv4 Multicast Source Discovery Protocol (MSDP) Source-Active (SA) message, aka Bug ID CSCud36767.

  • CVE-2016-6386HigOct 5, 2016
    risk 0.49cvss 7.5epss 0.03

    Cisco IOS XE 3.1 through 3.17 and 16.1 on 64-bit platforms allows remote attackers to cause a denial of service (data-structure corruption and device reload) via fragmented IPv4 packets, aka Bug ID CSCux66005.

  • CVE-2016-6384HigOct 5, 2016
    risk 0.49cvss 7.5epss 0.04

    Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257.

  • CVE-2016-6382HigOct 5, 2016
    risk 0.49cvss 7.5epss 0.05

    Cisco IOS 15.2 through 15.6 and IOS XE 3.6 through 3.17 and 16.1 allow remote attackers to cause a denial of service (device restart) via a malformed IPv6 Protocol Independent Multicast (PIM) register packet, aka Bug ID CSCuy16399.

  • CVE-2016-6381HigOct 5, 2016
    risk 0.49cvss 7.5epss 0.03

    Cisco IOS 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.18 and 16.1 allow remote attackers to cause a denial of service (memory consumption or device reload) via fragmented IKEv1 packets, aka Bug ID CSCuy47382.

  • CVE-2016-6419HigOct 5, 2016
    risk 0.49cvss 7.5epss 0.01

    SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485.

  • CVE-2016-6411HigSep 24, 2016
    risk 0.49cvss 7.5epss 0.01

    Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585.

  • CVE-2016-6409HigSep 24, 2016
    risk 0.49cvss 7.5epss 0.02

    The Data in Motion (DMo) component in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service (out-of-bounds access) via crafted traffic, aka Bug ID CSCuy54015.

  • CVE-2016-6408HigSep 24, 2016
    risk 0.49cvss 7.5epss 0.01

    Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCvb17814.

  • CVE-2016-1483HigSep 19, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco WebEx Meetings Server 2.6 allows remote attackers to cause a denial of service (CPU consumption) by repeatedly accessing the account-validation component of an unspecified service, aka Bug ID CSCuy92704.

  • CVE-2016-6407HigSep 17, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (link saturation) by making many HTTP requests for overlapping byte ranges simultaneously, aka Bug ID CSCuz27219.

  • CVE-2016-6399HigSep 12, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE 4700 Application Control Engine appliances through A5 3.3 allow remote attackers to cause a denial of service (device reload) via crafted (1) SSL or (2) TLS packets, aka Bug ID CSCvb16317.

  • CVE-2016-6371HigSep 12, 2016
    risk 0.49cvss 7.5epss 0.05

    Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717.

  • CVE-2016-1469HigSep 12, 2016
    risk 0.49cvss 7.5epss 0.03

    The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385.

  • CVE-2016-1472HigSep 2, 2016
    risk 0.49cvss 7.5epss 0.03

    The web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to cause a denial of service (interface outage) via a crafted HTTP request, aka Bug ID CSCuz76238.

  • CVE-2016-6364HigAug 23, 2016
    risk 0.49cvss 7.5epss 0.02

    The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855.

  • CVE-2016-6355HigAug 23, 2016
    risk 0.49cvss 7.5epss 0.03

    Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR 9001 devices allows remote attackers to cause a denial of service (control-plane protocol outage) via crafted fragmented packets, aka Bug ID CSCux26791.

  • CVE-2016-1484HigAug 23, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass intended access restrictions and obtain sensitive application information via unspecified vectors, aka Bug ID CSCuy92724.

  • CVE-2016-1479HigAug 22, 2016
    risk 0.49cvss 7.5epss 0.03

    Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038.

  • CVE-2016-1478HigAug 8, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco IOS 15.5(3)S3, 15.6(1)S2, 15.6(2)S1, and 15.6(2)T1 does not properly dequeue invalid NTP packets, which allows remote attackers to cause a denial of service (interface wedge) by sending many crafted NTP packets, aka Bug ID CSCva35619.

  • CVE-2016-1466HigAug 8, 2016
    risk 0.49cvss 7.5epss 0.03

    Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1, and 11.5(1) allows remote attackers to cause a denial of service (sipd process restart) via crafted headers in a SIP packet, aka Bug ID…

  • CVE-2016-1429HigAug 8, 2016
    risk 0.49cvss 7.5epss 0.07

    Directory traversal vulnerability in the web interface on Cisco RV180 and RV180W devices allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuz43023.

  • CVE-2016-1461HigAug 1, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco AsyncOS on Email Security Appliance (ESA) devices through 9.7.0-125 allows remote attackers to bypass malware detection via a crafted attachment in an e-mail message, aka Bug ID CSCuz14932.

  • CVE-2016-1463HigJul 28, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737.

  • CVE-2016-1450HigJul 15, 2016
    risk 0.49cvss 7.5epss 0.01

    Cisco WebEx Meetings Server 2.6 allows remote authenticated users to conduct command-injection attacks via vectors related to an upload's file type, aka Bug ID CSCuy92715.

  • CVE-2016-1426HigJul 15, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attackers to cause a denial of service (timer consumption and Route Processor reload) via crafted SSH traffic, aka Bug ID CSCux76819.

  • CVE-2016-1438HigJun 23, 2016
    risk 0.49cvss 7.5epss 0.01

    Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210.

  • CVE-2016-1436HigJun 23, 2016
    risk 0.49cvss 7.5epss 0.02

    The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID…

  • CVE-2015-6289HigJun 23, 2016
    risk 0.49cvss 7.5epss 0.04

    Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476.

  • CVE-2016-1427HigJun 18, 2016
    risk 0.49cvss 7.5epss 0.02

    The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694.

  • CVE-2016-1421HigJun 10, 2016
    risk 0.49cvss 7.5epss 0.04

    A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the…

  • CVE-2016-1405HigJun 8, 2016
    risk 0.49cvss 7.5epss 0.03

    libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial…

  • CVE-2016-1409HigMay 29, 2016
    risk 0.49cvss 7.5epss 0.04

    The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as…

  • CVE-2016-1404HigMay 29, 2016
    risk 0.49cvss 7.5epss 0.01

    Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic…

  • CVE-2016-1410HigMay 28, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312.

  • CVE-2016-1407HigMay 25, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services (LPTS) flow-base entries, which allows remote attackers to cause a denial of service (session drop) by making many connection attempts to open TCP ports, aka Bug ID CSCux95576.

  • CVE-2016-1400HigMay 25, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7.2 allows remote attackers to cause a denial of service (service disruption) via a crafted URI in a SIP header, aka Bug ID CSCuy43258.

  • CVE-2016-1383HigMay 25, 2016
    risk 0.49cvss 7.5epss 0.01

    Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an unspecified HTTP status code, aka Bug ID CSCur28305.

  • CVE-2016-1382HigMay 25, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance (WSA) devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service (proxy-process reload) via a crafted request, aka Bug ID CSCuu02529.

  • CVE-2016-1381HigMay 25, 2016
    risk 0.49cvss 7.5epss 0.01

    Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an HTTP file-range request for cached content, aka Bug ID CSCuw97270.

  • CVE-2016-1380HigMay 25, 2016
    risk 0.49cvss 7.5epss 0.01

    Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (proxy-process hang) via a crafted HTTP POST request, aka Bug ID CSCuo12171.

Page 32 of 145