Cisco Systems, Inc.

All CVEs

7,106 total · sorted by risk
  • CVE-2020-3435 · Med · Aug 17, 2020
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. To exploit this vulnerability, the attacker would need to have…

  • CVE-2020-3434 · Med · Aug 17, 2020
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker…

  • CVE-2020-3350 · Med · Jun 18, 2020
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning…

  • CVE-2020-3347 · Med · Jun 18, 2020
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. The vulnerability is due to unsafe usage of shared memory that is used by the affected software. An…

  • CVE-2020-3335 · Med · Jun 3, 2020
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations. An attacker could…

  • CVE-2020-3344 · Med · May 22, 2020
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An…

  • CVE-2020-3343 · Med · May 22, 2020
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An…

  • CVE-2019-1734 · Med · Nov 5, 2019
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional…

  • CVE-2019-12660 · Med · Sep 25, 2019
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute…

  • CVE-2019-12622 · Med · Aug 21, 2019
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this…

  • CVE-2019-1630 · Med · Jun 20, 2019
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the firmware signature checking program of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient checking…

  • CVE-2019-1628 · Med · Jun 20, 2019
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds…

  • CVE-2019-1725 · Med · Apr 18, 2019
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. It is also possible the attacker could inject CLI command parameters that…

  • CVE-2019-1798 · Med · Apr 8, 2019
    risk 0.36 · cvss 5.5 · epss 0.01

    A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a…

  • CVE-2019-1788 · Med · Apr 8, 2019
    risk 0.36 · cvss 5.5 · epss 0.02

    A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is…

  • CVE-2019-1787 · Med · Apr 8, 2019
    risk 0.36 · cvss 5.5 · epss 0.02

    A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is…

  • CVE-2019-1786 · Med · Apr 8, 2019
    risk 0.36 · cvss 5.5 · epss 0.01

    A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is…

  • CVE-2018-15452 · Med · Nov 13, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or take other actions to prevent detection of unauthorized intrusions. To exploit…

  • CVE-2018-15407 · Med · Oct 5, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. The vulnerability is due to insufficient cleanup of installation files. An attacker could exploit this vulnerability by accessing…

  • CVE-2018-0457 · Med · Oct 5, 2018
    risk 0.36 · cvss 5.5 · epss 0.02

    A vulnerability in the Cisco Webex Player for Webex Recording Format (WRF) files could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by sending a user a link or email attachment with a…

  • CVE-2018-0392 · Med · Jul 18, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the CLI of Cisco Policy Suite could allow an authenticated, local attacker to access files owned by another user. The vulnerability is due to insufficient access control permissions (i.e., World-Readable). An attacker could exploit this vulnerability by…

  • CVE-2018-0380 · Med · Jul 18, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and…

  • CVE-2018-0373 · Med · Jun 21, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. The…

  • CVE-2018-0359 · Med · Jun 21, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier, aka Session Fixation. The vulnerability exists because…

  • CVE-2018-0123 · Med · Feb 8, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    A Path Traversal vulnerability in the diagnostic shell for Cisco IOS and IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files. These system files may be sensitive and should not be able to be…

  • CVE-2017-12286 · Med · Oct 19, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and…

  • CVE-2017-12284 · Med · Oct 19, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the web interface of Cisco Jabber for Windows Client could allow an authenticated, local attacker to retrieve user profile information, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input- and…

  • CVE-2010-3049 · Med · Sep 25, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot).

  • CVE-2017-9480 · Med · Jul 31, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows local users (e.g., users who have command access as a consequence of CVE-2017-9479 exploitation) to read arbitrary files via UPnP access to /var/IGD/.

  • CVE-2017-6726 · Med · Jul 10, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the CLI of the Cisco Prime Network Gateway could allow an authenticated, local attacker to retrieve system process information, which could lead to the disclosure of confidential information. More Information: CSCvd59341. Known Affected Releases: 4.2(1.0)P1.

  • CVE-2017-6705 · Med · Jul 4, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the filesystem of the Cisco Prime Collaboration Provisioning tool could allow an authenticated, local attacker to acquire sensitive information. More Information: CSCvc82973. Known Affected Releases: 12.1.

  • CVE-2017-6696 · Med · Jun 13, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user credentials that are stored in an affected system. More Information: CSCvd73677. Known Affected Releases: 2.3(2).

  • CVE-2017-6695 · Med · Jun 13, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the ConfD server in Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive information. More Information: CSCvd29398. Known Affected Releases: 21.0.v0.65839.

  • CVE-2017-6694 · Med · Jun 13, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. More Information: CSCvd29355. Known Affected…

  • CVE-2017-6693 · Med · Jun 13, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system, aka Unauthorized Directory Access. More Information: CSCvd76286. Known Affected…

  • CVE-2016-6459 · Med · Nov 19, 2016
    risk 0.36 · cvss 5.5 · epss 0.01

    Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7…

  • CVE-2006-5393 · Med · Oct 18, 2006
    risk 0.36 · cvss 5.5 · epss 0.00

    Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session.

  • CVE-2026-20210 · Med · May 14, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because…

  • CVE-2026-20209 · Med · May 14, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low to high and perform actions as a high-privileged user. This vulnerability…

  • CVE-2026-28819 · Med · May 11, 2026
    risk 0.35 · cvss 5.4 · epss 0.07

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to execute arbitrary code with kernel privileges.

  • CVE-2026-20219 · Med · May 6, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This…

  • CVE-2025-20342 · Med · Aug 27, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the…

  • CVE-2025-20296 · Med · Aug 27, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of…

  • CVE-2025-20331 · Med · Aug 6, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by…

  • CVE-2025-20215 · Med · Aug 6, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the meeting-join functionality of Cisco Webex Meetings could have allowed an unauthenticated, network-proximate attacker to complete a meeting-join process in place of an intended targeted user, provided the requisite conditions were satisfied. Cisco has…

  • CVE-2025-20258 · Med · May 21, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emails that are sent by the service. This vulnerability is due to insufficient input validation. An attacker could exploit this…

  • CVE-2025-20194 · Med · May 7, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker…

  • CVE-2025-20147 · Med · May 7, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a stored cross-site scripting attack (XSS) on an affected system. This vulnerability is due to…

  • CVE-2025-20128 · Med · Jan 22, 2025
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check…

  • CVE-2025-20168 · Med · Jan 8, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient…
