Cisco Systems, Inc.

All CVEs

7,226 total · sorted by risk
  • CVE-2025-31210 · Med · May 12, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    The issue was addressed with improved UI. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. Processing web content may lead to a denial-of-service.

  • CVE-2025-24225 · Med · May 12, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    An injection issue was addressed with improved input validation. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. Processing an email may lead to user interface spoofing.

  • CVE-2025-31203 · Med · Apr 29, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An attacker on the local network may be able to cause a…

  • CVE-2025-30445 · Med · Apr 29, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may cause an unexpected app…

  • CVE-2025-24251 · Med · Apr 29, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An attacker on the local network may cause an unexpected app…

  • CVE-2025-30432 · Med · Mar 31, 2025
    risk 0.42 · cvss 6.4 · epss 0.01

    A logic issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. A malicious app may be able to attempt passcode entries on a locked…

  • CVE-2025-24192 · Med · Mar 31, 2025
    risk 0.42 · cvss 6.5 · epss 0.01

    A script imports issue was addressed with improved isolation. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. Visiting a website may leak sensitive data.

  • CVE-2024-54467 · Med · Mar 10, 2025
    risk 0.42 · cvss 6.5 · epss 0.01

    A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin.

  • CVE-2022-20652 · Med · Nov 15, 2024
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the web-based management interface and in the API subsystem of Cisco Tetration could allow an authenticated, remote attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is…

  • CVE-2024-20416 · Med · Jul 17, 2024
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient boundary checks when processing specific HTTP…

  • CVE-2024-20262 · Med · Mar 13, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service (DoS) condition. The attacker would require valid…

  • CVE-2024-20287 · Med · Jan 17, 2024
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device. This vulnerability is due…

  • CVE-2023-20271 · Med · Jan 17, 2024
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper…

  • CVE-2023-20258 · Med · Jan 17, 2024
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to improper processing of serialized Java objects by the…

  • CVE-2023-20114 · Med · Nov 1, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the file download feature of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to download arbitrary files from an affected system. This vulnerability is due to a lack of input sanitation. An attacker could exploit…

  • CVE-2023-20261 · Med · Oct 18, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could…

  • CVE-2023-20235 · Med · Oct 4, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability…

  • CVE-2023-20250 · Med · Sep 6, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of requests…

  • CVE-2023-20266 · Med · Aug 30, 2023
    risk 0.42 · cvss 6.5 · epss 0.00

    A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated, remote attacker to elevate privileges to…

  • CVE-2023-20221 · Med · Aug 16, 2023
    risk 0.42 · cvss 6.5 · epss 0.00

    A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management…

  • CVE-2023-20111 · Med · Aug 16, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to the improper storage of sensitive information within the web-based…

  • CVE-2023-20017 · Med · Aug 16, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these…

  • CVE-2023-20013 · Med · Aug 16, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these…

  • CVE-2020-26065 · Med · Aug 4, 2023
    risk 0.42 · cvss 6.5 · epss 0.02

    A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient…

  • CVE-2023-20164 · Med · May 18, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid…

  • CVE-2023-20163 · Med · May 18, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid…

  • CVE-2023-20110 · Med · May 18, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface…

  • CVE-2023-20131 · Med · Apr 5, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery…

  • CVE-2023-20130 · Med · Apr 5, 2023
    risk 0.42 · cvss 6.5 · epss 0.00

    Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery…

  • CVE-2023-20129 · Med · Apr 5, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery…

  • CVE-2023-20127 · Med · Apr 5, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery…

  • CVE-2023-20124 · Med · Apr 5, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation…

  • CVE-2023-20073 · Med · Apr 5, 2023
    risk 0.42 · cvss 5.3 · epss 0.89

    A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization…

  • CVE-2023-20113 · Med · Mar 23, 2023
    risk 0.42 · cvss 6.5 · epss 0.00

    A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the…

  • CVE-2023-20066 · Med · Mar 23, 2023
    risk 0.42 · cvss 6.5 · epss 0.02

    A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform a directory traversal and access resources that are outside the filesystem mountpoint of the web UI. This vulnerability is due to an insufficient security…

  • CVE-2023-20056 · Med · Mar 23, 2023
    risk 0.42 · cvss 6.5 · epss 0.00

    A vulnerability in the management CLI of Cisco access point (AP) software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of commands supplied by the user.…

  • CVE-2023-20062 · Med · Mar 3, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these…

  • CVE-2023-20061 · Med · Mar 3, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these…

  • CVE-2023-20009 · Med · Mar 1, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker and or authenticated local attacker to escalate their privilege level and gain root access. The…

  • CVE-2023-25653 · Hig · Feb 16, 2023
    risk 0.42 · cvss 7.5 · epss 0.01

    node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for web browsers and node.js-based servers. Prior to version 2.2.0, when using the non-default "fallback" crypto back-end, ECC operations in `node-jose` can trigger a Denial-of-Service…

  • CVE-2023-20047 · Med · Jan 20, 2023
    risk 0.42 · cvss 6.5 · epss 0.00

    A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco Webex Room Phone and Cisco Webex Share devices could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to…

  • CVE-2023-20026 · Med · Jan 20, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320 and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper…

  • CVE-2022-3643 · Med · Dec 7, 2022
    risk 0.42 · cvss 6.5 · epss 0.00

    Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux…

  • CVE-2022-20949 · Med · Nov 15, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the management web server of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with high privileges to execute configuration commands on an affected system. This vulnerability exists because access to HTTPS…

  • CVE-2022-20826 · Med · Nov 15, 2022
    risk 0.42 · cvss 6.4 · epss 0.00

    A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated attacker with physical access to the device…

  • CVE-2022-20942 · Med · Nov 4, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve…

  • CVE-2022-20810 · Med · Sep 30, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that…

  • CVE-2022-20816 · Med · Aug 10, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to delete arbitrary files from an…

  • CVE-2022-20859 · Med · Jul 6, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform…

  • CVE-2022-20791 · Med · Jul 6, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could…
