Cisco Systems, Inc.

All CVEs

7,103 total · sorted by risk
  • CVE-2020-26139 · Med · May 11, 2021
    risk 0.35 · cvss 5.3 · epss 0.06

    An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against…

  • CVE-2021-1535 · Med · May 6, 2021
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the Cisco SD-WAN vManage Software must be in cluster…

  • CVE-2021-1530 · Med · May 6, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco BroadWorks Messaging Server Software could allow an authenticated, remote attacker to access sensitive information or cause a partial denial of service (DoS) condition on an affected system. This vulnerability is due…

  • CVE-2021-1486 · Med · May 6, 2021
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to enumerate user accounts. This vulnerability is due to the improper handling of HTTP headers. An attacker could exploit this vulnerability by sending authenticated requests to an…

  • CVE-2021-1478 · Med · May 6, 2021
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service…

  • CVE-2021-1369 · Med · Apr 29, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected device. This vulnerability is due to the improper handling of XML…

  • CVE-2021-1460 · Med · Mar 24, 2021
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to…

  • CVE-2021-1394 · Med · Mar 24, 2021
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the ingress traffic manager of Cisco IOS XE Software for Cisco Network Convergence System (NCS) 520 Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the web management interface of an affected device. This…

  • CVE-2021-1378 · Med · Feb 17, 2021
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may…

  • CVE-2021-1243 · Med · Feb 4, 2021
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is…

  • CVE-2021-1218 · Med · Jan 20, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web management interface of Cisco Smart Software Manager satellite could allow an authenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request…

  • CVE-2021-1350 · Med · Jan 20, 2021
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker to negatively affect the performance of this service. The vulnerability exists due to insufficient rate limiting controls in the web UI. An attacker could exploit this vulnerability…

  • CVE-2021-1312 · Med · Jan 20, 2021
    risk 0.35 · cvss 5.3 · epss 0.03

    A vulnerability in the system resource management of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) to the health monitor API on an affected device. The vulnerability is due to inadequate provisioning of…

  • CVE-2021-1129 · Med · Jan 20, 2021
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to access general…

  • CVE-2021-1311 · Med · Jan 13, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host…

  • CVE-2021-1236 · Med · Jan 13, 2021
    risk 0.35 · cvss 5.3 · epss 0.02

    Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An…

  • CVE-2021-1127 · Med · Jan 13, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is…

  • CVE-2020-3441 · Med · Nov 18, 2020
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An…

  • CVE-2020-3585 · Med · Oct 21, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. The…

  • CVE-2020-3578 · Med · Oct 21, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access rule and access parts of the WebVPN portal that are…

  • CVE-2020-3564 · Med · Oct 21, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass FTP inspection. The vulnerability is due to ineffective flow tracking of…

  • CVE-2020-3557 · Med · Oct 21, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the host input API daemon of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper certificate validation. An…

  • CVE-2020-3597 · Med · Oct 8, 2020
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the configuration restore feature of Cisco Nexus Data Broker software could allow an unauthenticated, remote attacker to perform a directory traversal attack on an affected device. The vulnerability is due to insufficient validation of configuration backup…

  • CVE-2020-3536 · Med · Oct 8, 2020
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management…

  • CVE-2020-3320 · Med · Oct 8, 2020
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability…

  • CVE-2019-1983 · Med · Sep 23, 2020
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to cause repeated crashes in some internal processes…

  • CVE-2020-3546 · Med · Sep 4, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to insufficient validation of…

  • CVE-2020-3542 · Med · Sep 4, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in Cisco Webex Training could allow an authenticated, remote attacker to join a password-protected meeting without providing the meeting password. The vulnerability is due to improper validation of input to API requests that are a part of meeting join flow. An…

  • CVE-2020-3521 · Med · Aug 26, 2020
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in a specific REST API of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to…

  • CVE-2020-3496 · Med · Aug 26, 2020
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of…

  • CVE-2020-3484 · Med · Aug 26, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to view potentially sensitive information on an affected device. The vulnerability is due to incorrect permissions within Apache…

  • CVE-2020-3461 · Med · Jul 31, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. The vulnerability is due to missing authentication on a specific part of…

  • CVE-2020-3468 · Med · Jul 16, 2020
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates…

  • CVE-2020-3406 · Med · Jul 16, 2020
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management…

  • CVE-2020-3197 · Med · Jul 16, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the API subsystem of Cisco Meetings App could allow an unauthenticated, remote attacker to retain and reuse the Traversal Using Relay NAT (TURN) server credentials that are configured in an affected system. The vulnerability is due to insufficient protection…

  • CVE-2020-3364 · Med · Jun 18, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the access control list (ACL) functionality of the standby route processor management interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the standby route processor management Gigabit…

  • CVE-2020-3360 · Med · Jun 18, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management…

  • CVE-2020-3245 · Med · Jun 18, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the web application of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to create arbitrary user accounts. The vulnerability is due to the lack of authorization controls in the web application. An attacker…

  • CVE-2020-3244 · Med · Jun 18, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. The vulnerability is due to insufficient…

  • CVE-2020-11913 · Med · Jun 17, 2020
    risk 0.35 · cvss 5.3 · epss 0.03

    The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.

  • CVE-2020-11911 · Med · Jun 17, 2020
    risk 0.35 · cvss 5.3 · epss 0.03

    The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control.

  • CVE-2020-11910 · Med · Jun 17, 2020
    risk 0.35 · cvss 5.3 · epss 0.11

    The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read.

  • CVE-2020-11909 · Med · Jun 17, 2020
    risk 0.35 · cvss 5.3 · epss 0.04

    The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow.

  • CVE-2020-3339 · Med · Jun 3, 2020
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker…

  • CVE-2020-3333 · Med · Jun 3, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. The vulnerability is due to insufficient authentication of users who modify policies on an affected device. An…

  • CVE-2020-3233 · Med · Jun 3, 2020
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based Local Manager interface of the Cisco IOx Application Framework could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based Local Manager interface of an affected device. The…

  • CVE-2020-3315 · Med · May 6, 2020
    risk 0.35 · cvss 5.3 · epss 0.02

    Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors in how the Snort detection engine handles…

  • CVE-2020-3307 · Med · May 6, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. The vulnerability is due to insufficient input validation. An attacker could…

  • CVE-2020-3188 · Med · May 6, 2020
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for management connections could allow an unauthenticated, remote attacker to cause a buildup of remote management connections to an affected device, which could result in a denial of…

  • CVE-2020-3186 · Med · May 6, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the management access list configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured management interface access list on an affected system. The vulnerability is due to the…
