Cisco Systems, Inc.

All CVEs

7,239 total · sorted by risk
  • CVE-2025-43448 · Med · Nov 4, 2025
    risk 0.41 · cvss 6.3 · epss 0.00

    This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to break out of…

  • CVE-2025-43400 · Med · Sep 29, 2025
    risk 0.41 · cvss 6.3 · epss 0.06

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.1 and iPadOS 18.7.1, iOS 26.0.1 and iPadOS 26.0.1, macOS Sequoia 15.7.1, macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, tvOS 26.1, visionOS 26.0.1, watchOS 26.1. Processing a…

  • CVE-2025-31233 · Med · May 12, 2025
    risk 0.41 · cvss 6.3 · epss 0.01

    The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted video file may lead to…

  • CVE-2025-30429 · Med · Mar 31, 2025
    risk 0.41 · cvss 6.3 · epss 0.00

    A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to break out of its sandbox.

  • CVE-2025-24212 · Med · Mar 31, 2025
    risk 0.41 · cvss 6.3 · epss 0.00

    This issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to break out of its sandbox.

  • CVE-2023-20274 · Med · Nov 21, 2023
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent…

  • CVE-2023-20123 · Med · Apr 5, 2023
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected…

  • CVE-2023-20016 · Med · Feb 23, 2023
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and…

  • CVE-2022-20926 · Med · Nov 15, 2022
    risk 0.41 · cvss 6.3 · epss 0.01

    A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of…

  • CVE-2022-20925 · Med · Nov 15, 2022
    risk 0.41 · cvss 6.3 · epss 0.01

    A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of…

  • CVE-2021-1518 · Med · Jul 22, 2021
    risk 0.41 · cvss 6.3 · epss 0.02

    A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. This vulnerability is due to insufficient sanitization of…

  • CVE-2021-1359 · Med · Jul 8, 2021
    risk 0.41 · cvss 6.3 · epss 0.02

    A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of…

  • CVE-2021-1415 · Med · Apr 8, 2021
    risk 0.41 · cvss 6.3 · epss 0.02

    Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an…

  • CVE-2021-1414 · Med · Apr 8, 2021
    risk 0.41 · cvss 6.3 · epss 0.02

    Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an…

  • CVE-2021-1413 · Med · Apr 8, 2021
    risk 0.41 · cvss 6.3 · epss 0.02

    Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an…

  • CVE-2021-1270 · Med · Jan 20, 2021
    risk 0.41 · cvss 6.3 · epss 0.01

    Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the…

  • CVE-2021-1269 · Med · Jan 20, 2021
    risk 0.41 · cvss 6.3 · epss 0.01

    Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the…

  • CVE-2020-3371 · Med · Nov 6, 2020
    risk 0.41 · cvss 6.3 · epss 0.02

    A vulnerability in the web UI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary code and execute arbitrary commands at the underlying operating system level. The vulnerability is due to insufficient input…

  • CVE-2020-3602 · Med · Oct 8, 2020
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could…

  • CVE-2020-3522 · Med · Aug 26, 2020
    risk 0.41 · cvss 6.3 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to bypass authorization on an affected device and access sensitive information that is related to the device. The…

  • CVE-2020-3485 · Med · Aug 26, 2020
    risk 0.41 · cvss 6.3 · epss 0.01

    A vulnerability in the role-based access control (RBAC) functionality of the web management software of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they…

  • CVE-2020-3462 · Med · Jul 31, 2020
    risk 0.41 · cvss 6.3 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters.…

  • CVE-2020-3377 · Med · Jul 31, 2020
    risk 0.41 · cvss 6.3 · epss 0.01

    A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the affected device. The vulnerability is due to insufficient validation of user-supplied input. An…

  • CVE-2020-11907 · Med · Jun 17, 2020
    risk 0.41 · cvss 6.3 · epss 0.02

    The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Parameter Inconsistency in TCP.

  • CVE-2020-3237 · Med · Jun 3, 2020
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to…

  • CVE-2019-1978 · Med · Nov 5, 2019
    risk 0.41 · cvss 5.8 · epss 0.09

    A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The…

  • CVE-2018-15445 · Med · Nov 8, 2018
    risk 0.41 · cvss 6.3 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to…

  • CVE-2018-15444 · Med · Nov 8, 2018
    risk 0.41 · cvss 6.3 · epss 0.02

    A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML…

  • CVE-2018-0160 · Med · Mar 28, 2018
    risk 0.41 · cvss 6.3 · epss 0.02

    A vulnerability in Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of memory resources, referred to as a…

  • CVE-2018-0215 · Med · Mar 8, 2018
    risk 0.41 · cvss 6.3 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to…

  • CVE-2017-12335 · Med · Nov 30, 2017
    risk 0.41 · cvss 6.3 · epss 0.01

    A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting…

  • CVE-2017-12330 · Med · Nov 30, 2017
    risk 0.41 · cvss 6.3 · epss 0.01

    A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this…

  • CVE-2017-12329 · Med · Nov 30, 2017
    risk 0.41 · cvss 6.3 · epss 0.01

    A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the…

  • CVE-2017-12278 · Med · Nov 2, 2017
    risk 0.41 · cvss 6.3 · epss 0.02

    A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to a…

  • CVE-2017-6786 · Med · Aug 17, 2017
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an affected system. The vulnerability is due to improper protection of sensitive log…

  • CVE-2017-9493 · Med · Jul 31, 2017
    risk 0.41 · cvss 6.3 · epss 0.01

    The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to conduct successful forced-pairing attacks (between an RF4CE remote and a set-top box) by repeatedly transmitting the same pairing code.

  • CVE-2017-6615 · Med · Apr 20, 2017
    risk 0.41 · cvss 6.3 · epss 0.02

    A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a race condition that could occur when the affected software…

  • CVE-2026-20233 · Med · Jun 3, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is needed. …

  • CVE-2026-20175 · Med · Jun 3, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of…

  • CVE-2026-43666 · Med · May 11, 2026
    risk 0.40 · cvss 6.2 · epss 0.00

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An attacker on the local…

  • CVE-2026-43653 · Med · May 11, 2026
    risk 0.40 · cvss 6.2 · epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5. An attacker on the local network may be able to cause a denial-of-service.

  • CVE-2026-28985 · Med · May 11, 2026
    risk 0.40 · cvss 6.2 · epss 0.00

    A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5. An attacker on the local network may be able to cause a denial-of-service.

  • CVE-2026-28977 · Med · May 11, 2026
    risk 0.40 · cvss 6.2 · epss 0.00

    The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted file may lead…

  • CVE-2026-20170 · Med · Apr 15, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, and no customer…

  • CVE-2026-20059 · Med · Apr 15, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not…

  • CVE-2026-20085 · Med · Apr 1, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    A vulnerability in the web-based management interface of Cisco IMC could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit…

  • CVE-2026-20041 · Med · Apr 1, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific…

  • CVE-2026-28833 · Med · Mar 25, 2026
    risk 0.40 · cvss 6.2 · epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. An app may be able to enumerate a user's installed apps.

  • CVE-2026-20023 · Med · Mar 4, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to corrupt memory on an affected device, resulting in a denial of…

  • CVE-2026-20022 · Med · Mar 4, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition when OSPF canonicalization debug is enabled…

Page 52 of 145