VYPR

Cisco Systems, Inc.

All CVEs

7,240 total · sorted by risk
  • CVE-2017-3811 · Med · Mar 17, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc39165. Known Affected Releases: 2.6. Known Fixed Releases:…

  • CVE-2017-3820 · Med · Feb 3, 2017
    risk 0.42 · cvss 6.5 · epss 0.03

    A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could allow an authenticated, remote attacker to cause high CPU usage on an affected…

  • CVE-2016-9224 · Med · Dec 26, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts. More Information: CSCvc31635. Known Affected Releases: 10.6(9). Known Fixed Releases: 11.0(0).

  • CVE-2016-9208 · Med · Dec 14, 2016
    risk 0.42 · cvss 6.5 · epss 0.03

    A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More…

  • CVE-2016-9207 · Med · Dec 14, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full traffic proxy through the Expressway. Affected Products: This vulnerability…

  • CVE-2016-9204 · Med · Dec 14, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account. Affected Products: Cisco Nexus 1000V InterCloud is affected. More Information: CSCus99379. Known Affected…

  • CVE-2016-9199 · Med · Dec 14, 2016
    risk 0.42 · cvss 6.5 · epss 0.03

    A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. Affected Products: This vulnerability affects specific releases of the Cisco IOx subsystem of Cisco IOS and…

  • CVE-2016-6473 · Med · Dec 14, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm. More Information: CSCuu69332, CSCux07028. Known Affected Releases: 15.2(3)E. Known Fixed Releases: 12.2(50)SE4…

  • CVE-2016-6471 · Med · Dec 14, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage Password. More Information: CSCvb19366. Known Affected Releases: 5.4.1.6.

  • CVE-2016-6457 · Med · Nov 19, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability affects Cisco Nexus 9000…

  • CVE-2016-6454 · Med · Nov 3, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions. More Information: CSCva54241. Known Affected Releases: 11.5(1).…

  • CVE-2016-6440 · Med · Oct 27, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. More Information: CSCuz64683 CSCuz64698. Known Affected Releases: 11.0(1.10000.10),…

  • CVE-2016-6424 · Med · Oct 6, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    The DHCP Relay implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4.7.29 and 9.1.7.4 allows remote attackers to cause a denial of service (interface wedge) via a crafted rate of DHCP packet transmission, aka Bug ID CSCuy66942.

  • CVE-2016-1454 · Med · Oct 6, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    Cisco NX-OS 4.0 through 7.3 and 11.0 through 11.2 on 1000v, 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device reload) by leveraging a peer relationship to send a crafted BGP UPDATE message, aka Bug…

  • CVE-2016-6423 · Med · Oct 5, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    The IKEv2 client and initiator implementations in Cisco IOS 15.5(3)M and IOS XE allow remote IKEv2 servers to cause a denial of service (device reload) via crafted IKEv2 packets, aka Bug ID CSCux97540.

  • CVE-2016-6420 · Med · Oct 5, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467.

  • CVE-2016-6412 · Med · Sep 24, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows man-in-the-middle attackers to trigger arbitrary downloads via crafted HTTP headers, aka Bug ID CSCuz84773.

  • CVE-2016-6410 · Med · Sep 24, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuy19856.

  • CVE-2014-2146 · Med · Sep 22, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that…

  • CVE-2016-6405 · Med · Sep 18, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to bypass intended access restrictions and write to arbitrary files via the Cartridge interface, aka Bug ID CSCuz89368.

  • CVE-2016-6376 · Med · Sep 2, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    The Adaptive Wireless Intrusion Prevention System (wIPS) feature on Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device restart) via a malformed…

  • CVE-2016-1477 · Med · Aug 23, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    Cisco Connected Streaming Analytics 1.1.1 allows remote authenticated users to discover a notification service password by reading administrative pages, aka Bug ID CSCuz92891.

  • CVE-2016-6363 · Med · Aug 22, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    The rate-limit feature in the 802.11 protocol implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via crafted 802.11 frames, aka Bug ID…

  • CVE-2016-6361 · Med · Aug 22, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via a crafted AMPDU header, aka Bug ID…

  • CVE-2016-1467 · Med · Jul 28, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    Cisco Videoscape Session Resource Manager (VSRM) allows remote attackers to cause a denial of service (device restart) by sending a traffic flood to upstream devices, aka Bug ID CSCva01813.

  • CVE-2016-1465 · Med · Jul 28, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    Cisco Nexus 1000v Application Virtual Switch (AVS) devices before 5.2(1)SV3(1.5i) allow remote attackers to cause a denial of service (ESXi hypervisor crash and purple screen) via a crafted Cisco Discovery Protocol packet that triggers an out-of-bounds memory access, aka Bug ID…

  • CVE-2016-1460 · Med · Jul 28, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    Cisco Wireless LAN Controller (WLC) devices 7.4(121.0) and 8.0(0.30220.385) allow remote attackers to cause a denial of service via crafted wireless management frames, aka Bug ID CSCun92979.

  • CVE-2016-1452 · Med · Jul 15, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526.

  • CVE-2016-1444 · Med · Jul 7, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID…

  • CVE-2016-1425 · Med · Jul 3, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    Cisco IOS 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, and 15.4(1.13)S allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun66735.

  • CVE-2016-1398 · Med · Jul 3, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware through 1.2.1.4, RV130W devices with firmware through 1.0.2.7, and RV215W devices with firmware through 1.3.0.7 allows remote authenticated users to cause a denial of service (device…

  • CVE-2016-1437 · Med · Jun 23, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy92549.

  • CVE-2016-1434 · Med · Jun 23, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010.

  • CVE-2016-1428 · Med · Jun 23, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    Double free vulnerability in Cisco IOS XE 3.15S, 3.16S, and 3.17S allows remote authenticated users to cause a denial of service (device restart) via a sequence of crafted SNMP read requests, aka Bug ID CSCux13174.

  • CVE-2016-1424 · Med · Jun 19, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun63132.

  • CVE-2016-1397 · Med · Jun 19, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device…

  • CVE-2016-1432 · Med · Jun 18, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    Cisco IOS XE 3.15S and 3.16S on cBR-8 Converged Broadband Router devices allows remote authenticated users to cause a denial of service (NULL pointer dereference and card restart) via a crafted SNMP request, aka Bug ID CSCuu68862.

  • CVE-2016-1413 · Med · May 28, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517.

  • CVE-2016-1379 · Med · May 28, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    Cisco Adaptive Security Appliance (ASA) Software 9.0 through 9.5.1 mishandles IPsec error processing, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted (1) LAN-to-LAN or (2) Remote Access VPN tunnel packets, aka Bug ID…

  • CVE-2016-1385 · Med · May 26, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9.5.2 allows remote authenticated users to cause a denial of service (instability, memory consumption, or device reload) by leveraging (1) administrative access or (2) Clientless SSL VPN access to provide…

  • CVE-2016-1366 · Med · Mar 24, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial of service (overwrite) via unspecified vectors, aka Bug ID CSCuw75848.

  • CVE-2016-1338 · Med · Mar 12, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026.

  • CVE-2016-1358 · Med · Mar 3, 2016
    risk 0.42 · cvss 6.4 · epss 0.01

    Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE)…

  • CVE-2016-1333 · Med · Feb 17, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    Cisco IOS 15.5(3)M and 15.6(1)T0a on Cisco 1000 Connected Grid routers allows remote authenticated users to cause a denial of service (device reload) via an SNMP request for unspecified BRIDGE MIB OIDs, aka Bug ID CSCux89878.

  • CVE-2016-1330 · Med · Feb 15, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    Cisco IOS 15.2(4)E on Industrial Ethernet 2000 devices allows remote attackers to cause a denial of service (device reload) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuy27746.

  • CVE-2016-1308 · Med · Feb 7, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    SQL injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227.

  • CVE-2015-6317 · Med · Jan 23, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926.

  • CVE-2015-6433 · Med · Jan 8, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767.

  • CVE-2015-6431 · Med · Dec 23, 2015
    risk 0.42 · cvss 6.5 · epss 0.01

    Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405.

  • CVE-2026-20206 · Med · May 20, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the BrowserBot synthetics orchestration process. Cisco has addressed this vulnerability in…
