VYPR

Vendor CVEs

Cisco Systems, Inc.

All CVEs

7,106 total · sorted by risk
  • CVE-2017-3822MedFeb 3, 2017
    risk 0.35cvss 5.3epss 0.01

    A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense (FTD) Firepower Device Manager (FDM) could allow an unauthenticated, remote attacker to add arbitrary entries to the audit log. This vulnerability affects Cisco Firepower Threat Defense Software…

  • CVE-2017-3810MedFeb 3, 2017
    risk 0.35cvss 5.4epss 0.01

    A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack against a user who is logged in to an affected system. More Information: CSCvb21745. Known Affected Releases: 10.0_R2_tanggula.

  • CVE-2017-3805MedJan 26, 2017
    risk 0.35cvss 5.3epss 0.02

    A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential information that is displayed without authenticating to the device. Affected Products: This vulnerability affects Cisco…

  • CVE-2017-3799MedJan 26, 2017
    risk 0.35cvss 5.4epss 0.01

    A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T28.1.

  • CVE-2017-3795MedJan 26, 2017
    risk 0.35cvss 5.4epss 0.01

    A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. More Information: CSCuz03345. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12.

  • CVE-2016-9216MedJan 26, 2017
    risk 0.35cvss 5.3epss 0.03

    An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr process of Cisco ASR 5000 Software could allow an unauthenticated, remote attacker to cause the ipsecmgr process to reload. More Information: CSCuy06917 CSCuy45036 CSCuy59525. Known Affected Releases: 20.0.0…

  • CVE-2016-6463MedNov 19, 2016
    risk 0.35cvss 5.3epss 0.01

    A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability…

  • CVE-2016-6462MedNov 19, 2016
    risk 0.35cvss 5.3epss 0.02

    A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability…

  • CVE-2016-6421MedOct 5, 2016
    risk 0.35cvss 5.3epss 0.02

    Cisco IOS XR 5.2.2 allows remote attackers to cause a denial of service (process restart) via a crafted OSPF Link State Advertisement (LSA) update, aka Bug ID CSCvb05643.

  • CVE-2016-1433MedSep 18, 2016
    risk 0.35cvss 5.3epss 0.02

    Cisco IOS XR 6.0 and 6.0.1 on NCS 6000 devices allows remote attackers to cause a denial of service (OSPFv3 process reload) via crafted OSPFv3 packets, aka Bug ID CSCuz66289.

  • CVE-2016-6401MedSep 17, 2016
    risk 0.35cvss 5.3epss 0.01

    Cisco Carrier Routing System (CRS) 5.1 and 5.1.4, as used in CRS Carrier Grade Services for CRS-1 and CRS-3 devices, allows remote attackers to cause a denial of service (line-card reload) via crafted IPv6-over-MPLS packets, aka Bug ID CSCva32494.

  • CVE-2016-6398MedSep 12, 2016
    risk 0.35cvss 5.3epss 0.01

    The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet buffers, which allows remote attackers to obtain sensitive information from earlier network communication by reading packet data, aka Bug ID CSCvb16274.

  • CVE-2016-6396MedSep 12, 2016
    risk 0.35cvss 5.3epss 0.01

    Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482.

  • CVE-2016-6395MedSep 12, 2016
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID…

  • CVE-2016-1476MedAug 22, 2016
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024.

  • CVE-2016-1459MedJul 17, 2016
    risk 0.35cvss 5.3epss 0.01

    Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 allow remote authenticated users to cause a denial of service (device reload) via crafted attributes in a BGP message, aka Bug ID CSCuz21061.

  • CVE-2016-1445MedJul 12, 2016
    risk 0.35cvss 5.3epss 0.01

    Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 allows remote attackers to bypass intended ICMP Echo Reply ACLs via vectors related to subtypes.

  • CVE-2016-1440MedJul 2, 2016
    risk 0.35cvss 5.3epss 0.01

    The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote attackers to cause a denial of service (CPU consumption) by establishing an FTP session and then improperly terminating the control connection after a file transfer, aka Bug ID…

  • CVE-2016-1370MedJun 3, 2016
    risk 0.35cvss 5.3epss 0.02

    Cisco Prime Network Analysis Module (NAM) before 6.2(1-b) miscalculates IPv6 payload lengths, which allows remote attackers to cause a denial of service (mond process crash and monitoring outage) via crafted IPv6 packets, aka Bug ID CSCuy37324.

  • CVE-2016-1378MedApr 14, 2016
    risk 0.35cvss 5.3epss 0.01

    Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP) port, aka Bug ID CSCum62591.

  • CVE-2016-1376MedApr 12, 2016
    risk 0.35cvss 5.3epss 0.02

    Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (CRC and symbol errors, and interface flap) via crafted bit patterns in packets, aka Bug ID CSCuv78548.

  • CVE-2016-1361MedMar 12, 2016
    risk 0.35cvss 5.3epss 0.01

    Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for a Bidirectional Forwarding Detection (BFD) header in a UDP packet, which allows remote attackers to cause a denial of service (line-card restart) via a crafted packet, aka Bug ID…

  • CVE-2016-1357MedMar 3, 2016
    risk 0.35cvss 5.3epss 0.01

    The password-management administration component in Cisco Policy Suite (CPS) 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, and 7.5.0 allows remote attackers to bypass intended RBAC restrictions and read unspecified data via unknown vectors, aka Bug ID CSCut85211.

  • CVE-2016-1288MedMar 3, 2016
    risk 0.35cvss 5.3epss 0.02

    The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x before 9.0.0-485 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (service outage) by leveraging certain intranet connectivity and sending a malformed HTTPS request, aka…

  • CVE-2016-1353MedMar 1, 2016
    risk 0.35cvss 5.3epss 0.02

    The TCP implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.3(0), 3.3(1), 4.0(0), and 4.1(0) does not properly initiate new TCP sessions when a previous session is in a FIN wait state, which allows remote attackers to cause a denial of service…

  • CVE-2016-1342MedFeb 26, 2016
    risk 0.35cvss 5.3epss 0.01

    The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID CSCuy36654.

  • CVE-2016-1334MedFeb 17, 2016
    risk 0.35cvss 5.3epss 0.01

    Cisco Small Business 500 Wireless Access Point devices with firmware 1.0.4.4 allow remote attackers to set the system time via a crafted POST request, aka Bug ID CSCuy01457.

  • CVE-2016-1324MedFeb 12, 2016
    risk 0.35cvss 5.3epss 0.01

    The REST interface in Cisco Spark 2015-06 allows remote attackers to cause a denial of service (resource outage) by accessing an administrative page, aka Bug ID CSCuv84125.

  • CVE-2016-1319MedFeb 9, 2016
    risk 0.35cvss 5.3epss 0.01

    Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext…

  • CVE-2016-1316MedFeb 9, 2016
    risk 0.35cvss 5.3epss 0.01

    Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362.

  • CVE-2016-1307MedFeb 7, 2016
    risk 0.35cvss 5.4epss 0.01

    The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085.

  • CVE-2016-1299MedJan 27, 2016
    risk 0.35cvss 5.3epss 0.01

    The web-management GUI implementation on Cisco Small Business SG300 devices 1.4.1.x allows remote attackers to cause a denial of service (HTTPS outage) via crafted HTTPS requests, aka Bug ID CSCuw87174.

  • CVE-2016-1295MedJan 16, 2016
    risk 0.35cvss 5.3epss 0.02

    Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote attackers to obtain sensitive information via an AnyConnect authentication attempt, aka Bug ID CSCuo65775.

  • CVE-2026-28994MedMay 11, 2026
    risk 0.34cvss 5.3epss 0.00

    A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An attacker in a privileged network position…

  • CVE-2026-20195MedMay 6, 2026
    risk 0.34cvss 5.3epss 0.00

    A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists because error messages are observed when the affected API endpoint is called.…

  • CVE-2026-20152MedApr 15, 2026
    risk 0.34cvss 5.3epss 0.00

    A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improper validation of user-supplied…

  • CVE-2026-20106MedMar 4, 2026
    risk 0.34cvss 5.3epss 0.00

    A vulnerability in the Remote Access SSL VPN, HTTP management and MUS functionality, of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memory…

  • CVE-2026-20009MedMar 4, 2026
    risk 0.34cvss 5.3epss 0.00

    A vulnerability in the implementation of the proprietary SSH stack with SSH key-based authentication in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to log in to a Cisco Secure Firewall ASA device and execute…

  • CVE-2026-20676MedFeb 11, 2026
    risk 0.34cvss 5.3epss 0.00

    This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions.

  • CVE-2026-20673MedFeb 11, 2026
    risk 0.34cvss 5.3epss 0.00

    A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. Turning off "Load remote content in messages” may not apply to all mail previews.

  • CVE-2026-20080MedJan 21, 2026
    risk 0.34cvss 5.3epss 0.00

    A vulnerability in the SSH service of Cisco IEC6400 Wireless Backhaul Edge Compute Software could allow an unauthenticated, remote attacker to cause the SSH service to stop responding. This vulnerability exists because the SSH service lacks effective flood protection. An…

  • CVE-2026-20027MedJan 7, 2026
    risk 0.34cvss 5.3epss 0.01

    Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet…

  • CVE-2018-25127MedDec 24, 2025
    risk 0.34cvss 5.3epss 0.00

    SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that submit forged requests to create admin accounts by…

  • CVE-2025-43444MedNov 4, 2025
    risk 0.34cvss 5.3epss 0.01

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to fingerprint the user.

  • CVE-2025-20316MedSep 24, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability in the access control list (ACL) programming of Cisco IOS XE Software for Cisco Catalyst 9500X and 9600X Series Switches could allow an unauthenticated, remote attacker to bypass a configured ACL on an affected device. This vulnerability is due to the flooding…

  • CVE-2025-20293MedSep 24, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability in the Day One setup process of Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers for Cloud (9800-CL) could allow an unauthenticated, remote attacker to access the public-key infrastructure (PKI) server that is running on an affected device. …

  • CVE-2025-20159MedSep 10, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability in the management interface access control list (ACL) processing feature in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass configured ACLs for the SSH, NetConf, and gRPC features. This vulnerability exists because management…

  • CVE-2025-20219MedAug 14, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability in the implementation of access control rules for loopback interfaces in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to send traffic that…

  • CVE-2025-20275MedJun 4, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device. This vulnerability is due to insecure deserialization of Java objects by the…

  • CVE-2025-20259MedJun 4, 2025
    risk 0.34cvss 5.3epss 0.00

    Multiple vulnerabilities in the update process of Cisco ThousandEyes Endpoint Agent for Windows could allow an authenticated, local attacker to delete arbitrary files on an affected device. These vulnerabilities are due to improper access controls on files that are in the…

Page 77 of 143