Cisco Systems, Inc.

All CVEs

7,226 total · sorted by risk
  • CVE-2021-1492 · Med · Mar 25, 2021
    risk 0.43 · cvss 6.6 · epss 0.00

    The Duo Authentication Proxy installer prior to 5.2.1 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used…

  • CVE-2021-1371 · Med · Mar 24, 2021
    risk 0.43 · cvss 6.6 · epss 0.00

    A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the console port when the device is in the default SD-WAN configuration. This…

  • CVE-2020-3427 · Med · Oct 14, 2020
    risk 0.43 · cvss 6.6 · epss 0.00

    The Windows Logon installer prior to 4.1.2 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Windows…

  • CVE-2019-1736 · Med · Sep 23, 2020
    risk 0.43 · cvss 6.6 · epss 0.00

    A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The…

  • CVE-2019-15959 · Med · Sep 23, 2020
    risk 0.43 · cvss 6.6 · epss 0.00

    A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An…

  • CVE-2020-3252 · Med · Apr 15, 2020
    risk 0.43 · cvss 6.5 · epss 0.05

    Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the…

  • CVE-2013-2684 · Med · Feb 6, 2020
    risk 0.43 · cvss 6.1 · epss 0.04

    Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2019-1923 · Med · Jul 17, 2019
    risk 0.43 · cvss 6.6 · epss 0.00

    A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to improper input validation in the device configuration interface. An attacker could exploit this…

  • CVE-2019-1820 · Med · May 16, 2019
    risk 0.43 · cvss 6.5 · epss 0.14

    A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This…

  • CVE-2019-1819 · Med · May 16, 2019
    risk 0.43 · cvss 6.5 · epss 0.14

    A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This…

  • CVE-2019-1818 · Med · May 16, 2019
    risk 0.43 · cvss 6.5 · epss 0.14

    A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This…

  • CVE-2019-1755 · Med · Mar 28, 2019
    risk 0.43 · cvss 6.5 · epss 0.03

    A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly…

  • CVE-2019-1642 · Med · Jan 23, 2019
    risk 0.43 · cvss 6.1 · epss 0.04

    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software.…

  • CVE-2018-0420 · Med · Oct 17, 2018
    risk 0.43 · cvss 6.5 · epss 0.05

    A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view sensitive information. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames…

  • CVE-2018-0371 · Med · Jun 21, 2018
    risk 0.43 · cvss 6.5 · epss 0.03

    A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this…

  • CVE-2018-0229 · Med · Apr 19, 2018
    risk 0.43 · cvss 6.5 · epss 0.04

    A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco Adaptive Security Appliance (ASA) Software, and Cisco Firepower Threat Defense (FTD)…

  • CVE-2017-6758 · Med · Aug 7, 2017
    risk 0.43 · cvss 6.5 · epss 0.04

    A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. The vulnerability is due to insufficient…

  • CVE-2017-6637 · Med · May 22, 2017
    risk 0.43 · cvss 6.5 · epss 0.08

    A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform…

  • CVE-2017-6636 · Med · May 22, 2017
    risk 0.43 · cvss 6.5 · epss 0.06

    A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper…

  • CVE-2017-6635 · Med · May 22, 2017
    risk 0.43 · cvss 6.5 · epss 0.10

    A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 12.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform…

  • CVE-2026-28956 · Med · May 11, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted media file may lead to…

  • CVE-2026-28942 · Med · May 11, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

  • CVE-2026-28918 · Med · May 11, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Parsing a maliciously crafted file may lead to an unexpected app termination.

  • CVE-2026-20169 · Med · May 6, 2026
    risk 0.42 · cvss 6.4 · epss 0.00

    A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router. This vulnerability is due to insufficient input validation of…

  • CVE-2026-20168 · Med · May 6, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to retrieve files that they do not have permission to access. This vulnerability is due to insufficient file access…

  • CVE-2026-20081 · Med · Apr 15, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities…

  • CVE-2026-20078 · Med · Apr 15, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities…

  • CVE-2026-20097 · Med · Apr 1, 2026
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user. This vulnerability is due to improper validation of user-supplied input to the web-based…

  • CVE-2026-20096 · Med · Apr 1, 2026
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is…

  • CVE-2026-20095 · Med · Apr 1, 2026
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is…

  • CVE-2026-20042 · Med · Apr 1, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are…

  • CVE-2026-28878 · Med · Mar 25, 2026
    risk 0.42 · cvss 6.5 · epss 0.01

    A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.7, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to enumerate a user's…

  • CVE-2026-28863 · Med · Mar 25, 2026
    risk 0.42 · cvss 6.5 · epss 0.01

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to fingerprint the user.

  • CVE-2026-20657 · Med · Mar 25, 2026
    risk 0.42 · cvss 6.5 · epss 0.01

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. Parsing a maliciously crafted file may lead to an…

  • CVE-2026-20064 · Med · Mar 4, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    A vulnerability in Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied…

  • CVE-2026-20036 · Med · Feb 25, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    A vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with valid administrative privileges to execute arbitrary commands on the underlying operating system of an affected device. …

  • CVE-2026-20644 · Med · Feb 11, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2026-20636 · Med · Feb 11, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2025-46298 · Med · Jan 9, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2025-46287 · Med · Dec 12, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. An attacker may be able to…

  • CVE-2025-43507 · Med · Nov 4, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    A privacy issue was addressed by moving sensitive data. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. An app may be able to fingerprint the user.

  • CVE-2025-43457 · Med · Nov 4, 2025
    risk 0.42 · cvss 6.5 · epss 0.01

    A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.

  • CVE-2025-43440 · Med · Nov 4, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2025-43424 · Med · Nov 4, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    The issue was addressed with improved bounds checks. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1. A malicious HID device may cause an unexpected process crash.

  • CVE-2025-20359 · Med · Oct 15, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the disclosure of possible sensitive data or cause the Snort 3 Detection Engine to crash. This vulnerability is due to an error in…

  • CVE-2025-20149 · Med · Sep 24, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    A vulnerability in the CLI of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a buffer overflow. An…

  • CVE-2025-43356 · Med · Sep 15, 2025
    risk 0.42 · cvss 6.5 · epss 0.01

    The issue was addressed with improved handling of caches. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A website may be able to access sensor information without user consent.

  • CVE-2025-43272 · Med · Sep 15, 2025
    risk 0.42 · cvss 6.5 · epss 0.01

    The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash.

  • CVE-2025-20294 · Med · Aug 27, 2025
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. …

  • CVE-2025-31215 · Med · May 12, 2025
    risk 0.42 · cvss 6.5 · epss 0.01

    The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected process crash.
