Vendor CVEs
Cisco Systems, Inc.
All CVEs
7,233 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-20213 | 0.00 | — | 0.00 | May 7, 2025 | A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. To exploit this vulnerability, the attacker must have valid… | |||
| CVE-2025-20182 | 0.00 | — | 0.00 | May 7, 2025 | A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol processing of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to… | |||
| CVE-2025-20157 | 0.00 | — | 0.00 | May 7, 2025 | A vulnerability in certificate validation processing of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper validation of certificates that… | |||
| CVE-2025-20210 | 0.00 | — | 0.00 | May 7, 2025 | A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint.… | |||
| CVE-2025-24091 | 0.00 | — | 0.00 | Apr 30, 2025 | An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service. | |||
| CVE-2025-31202 | 0.00 | — | 0.00 | Apr 29, 2025 | A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to cause a denial-of-service. | |||
| CVE-2025-20236 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due… | |||
| CVE-2025-20150 | 0.00 | — | 0.00 | Apr 16, 2025 | A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication… | |||
| CVE-2025-20178 | 0.00 | — | 0.00 | Apr 16, 2025 | A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system. This vulnerability is due to… | |||
| CVE-2023-42977 | 0.00 | — | 0.00 | Apr 11, 2025 | A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to break out of its sandbox. | |||
| CVE-2023-42970 | 0.00 | — | 0.00 | Apr 11, 2025 | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. Processing web content may lead to arbitrary code execution. | |||
| CVE-2023-42875 | 0.00 | — | 0.00 | Apr 11, 2025 | Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling. | |||
| CVE-2025-20203 | 0.00 | — | 0.00 | Apr 2, 2025 | A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an… | |||
| CVE-2025-20120 | 0.00 | — | 0.00 | Apr 2, 2025 | A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an… | |||
| CVE-2025-20139 | 0.00 | — | 0.01 | Apr 2, 2025 | A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input to chat entry points. An… | |||
| CVE-2025-24202 | 0.00 | — | 0.00 | Mar 31, 2025 | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data. | |||
| CVE-2025-24208 | 0.00 | — | 0.01 | Mar 31, 2025 | A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack. | |||
| CVE-2025-30469 | 0.00 | — | 0.00 | Mar 31, 2025 | This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4. A person with physical access to an iOS device may be able to access photos from the lock screen. | |||
| CVE-2025-30428 | 0.00 | — | 0.00 | Mar 31, 2025 | This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6. Photos in the Hidden Photos Album may be viewed without authentication. | |||
| CVE-2025-31192 | 0.00 | — | 0.01 | Mar 31, 2025 | The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A website may be able to access sensor information without user consent. | |||
| CVE-2024-44276 | 0.00 | — | 0.00 | Mar 17, 2025 | This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2. A user in a privileged network position may be able to leak sensitive information. | |||
| CVE-2025-20209 | 0.00 | — | 0.01 | Mar 12, 2025 | A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any control plane UDP packets. This vulnerability is due to improper handling… | |||
| CVE-2025-20177 | 0.00 | — | 0.00 | Mar 12, 2025 | A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system… | |||
| CVE-2025-20146 | 0.00 | — | 0.01 | Mar 12, 2025 | A vulnerability in the Layer 3 multicast feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a… | |||
| CVE-2025-20145 | 0.00 | — | 0.00 | Mar 12, 2025 | A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability exists because certain packets are handled incorrectly when they are… | |||
| CVE-2025-20144 | 0.00 | — | 0.00 | Mar 12, 2025 | A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect handling of packets when a specific configuration of… | |||
| CVE-2025-20143 | 0.00 | — | 0.00 | Mar 12, 2025 | A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. To exploit this vulnerability, the attacker must have… | |||
| CVE-2025-20142 | 0.00 | — | 0.01 | Mar 12, 2025 | A vulnerability in the IPv4 access control list (ACL) feature and quality of service (QoS) policy feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers… | |||
| CVE-2025-20141 | 0.00 | — | 0.00 | Mar 12, 2025 | A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR… | |||
| CVE-2025-20138 | 0.00 | — | 0.00 | Mar 12, 2025 | A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are… | |||
| CVE-2025-20115 | 0.00 | — | 0.01 | Mar 12, 2025 | A vulnerability in confederation implementation for the Border Gateway Protocol (BGP) in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to a memory corruption that occurs when… | |||
| CVE-2022-48610 | 0.00 | — | 0.00 | Mar 10, 2025 | This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2. An app may be able to access user-sensitive data. | |||
| CVE-2024-54558 | 0.00 | — | 0.00 | Mar 10, 2025 | A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to trick a user into granting access to photos from the user's photo library. | |||
| CVE-2025-20208 | 0.00 | — | 0.00 | Mar 5, 2025 | A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input… | |||
| CVE-2025-20206 | 0.00 | — | 0.00 | Mar 5, 2025 | A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostScan, is installed on Cisco… | |||
| CVE-2020-3122 | 0.00 | — | 0.00 | Mar 4, 2025 | A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to obtain sensitive network information. | |||
| CVE-2025-25939 | 0.00 | — | 0.00 | Mar 3, 2025 | Reprise License Manager 14.2 is vulnerable to reflected cross-site scripting in /goform/activate_process via the akey parameter. | |||
| CVE-2025-20119 | 0.00 | — | 0.00 | Feb 26, 2025 | A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials. … | |||
| CVE-2025-20118 | 0.00 | — | 0.00 | Feb 26, 2025 | A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. … | |||
| CVE-2025-20117 | 0.00 | — | 0.00 | Feb 26, 2025 | A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. … | |||
| CVE-2025-20116 | 0.00 | — | 0.00 | Feb 26, 2025 | A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper input… | |||
| CVE-2025-27091 | 0.00 | — | 0.01 | Feb 20, 2025 | OpenH264 is a free license codec library which supports H.264 encoding and decoding. A vulnerability in the decoding functions of OpenH264 codec library could allow a remote, unauthenticated attacker to trigger a heap overflow. This vulnerability is due to a race condition… | |||
| CVE-2025-20153 | 0.00 | — | 0.00 | Feb 19, 2025 | A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device. This vulnerability is due to… | |||
| CVE-2025-20158 | 0.00 | — | 0.00 | Feb 19, 2025 | A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative… | |||
| CVE-2020-3432 | 0.00 | — | 0.00 | Feb 11, 2025 | A vulnerability in the uninstaller component of Cisco AnyConnect Secure Mobility Client for Mac OS could allow an authenticated, local attacker to corrupt the content of any file in the filesystem. The vulnerability is due to the incorrect handling of directory paths. An… | |||
| CVE-2025-20169 | 0.00 | — | 0.01 | Feb 5, 2025 | A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker… | |||
| CVE-2025-20175 | 0.00 | — | 0.01 | Feb 5, 2025 | A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker… | |||
| CVE-2025-20174 | 0.00 | — | 0.01 | Feb 5, 2025 | A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker… | |||
| CVE-2025-20170 | 0.00 | — | 0.01 | Feb 5, 2025 | A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker… | |||
| CVE-2025-20171 | 0.00 | — | 0.01 | Feb 5, 2025 | A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker… |
- CVE-2025-20213May 7, 2025risk 0.00cvss —epss 0.00
A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. To exploit this vulnerability, the attacker must have valid…
- CVE-2025-20182May 7, 2025risk 0.00cvss —epss 0.00
A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol processing of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to…
- CVE-2025-20157May 7, 2025risk 0.00cvss —epss 0.00
A vulnerability in certificate validation processing of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper validation of certificates that…
- CVE-2025-20210May 7, 2025risk 0.00cvss —epss 0.00
A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint.…
- CVE-2025-24091Apr 30, 2025risk 0.00cvss —epss 0.00
An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service.
- CVE-2025-31202Apr 29, 2025risk 0.00cvss —epss 0.00
A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to cause a denial-of-service.
- CVE-2025-20236Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due…
- CVE-2025-20150Apr 16, 2025risk 0.00cvss —epss 0.00
A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication…
- CVE-2025-20178Apr 16, 2025risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system. This vulnerability is due to…
- CVE-2023-42977Apr 11, 2025risk 0.00cvss —epss 0.00
A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to break out of its sandbox.
- CVE-2023-42970Apr 11, 2025risk 0.00cvss —epss 0.00
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. Processing web content may lead to arbitrary code execution.
- CVE-2023-42875Apr 11, 2025risk 0.00cvss —epss 0.00
Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling.
- CVE-2025-20203Apr 2, 2025risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an…
- CVE-2025-20120Apr 2, 2025risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an…
- CVE-2025-20139Apr 2, 2025risk 0.00cvss —epss 0.01
A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input to chat entry points. An…
- CVE-2025-24202Mar 31, 2025risk 0.00cvss —epss 0.00
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
- CVE-2025-24208Mar 31, 2025risk 0.00cvss —epss 0.01
A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack.
- CVE-2025-30469Mar 31, 2025risk 0.00cvss —epss 0.00
This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4. A person with physical access to an iOS device may be able to access photos from the lock screen.
- CVE-2025-30428Mar 31, 2025risk 0.00cvss —epss 0.00
This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6. Photos in the Hidden Photos Album may be viewed without authentication.
- CVE-2025-31192Mar 31, 2025risk 0.00cvss —epss 0.01
The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A website may be able to access sensor information without user consent.
- CVE-2024-44276Mar 17, 2025risk 0.00cvss —epss 0.00
This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2. A user in a privileged network position may be able to leak sensitive information.
- CVE-2025-20209Mar 12, 2025risk 0.00cvss —epss 0.01
A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any control plane UDP packets. This vulnerability is due to improper handling…
- CVE-2025-20177Mar 12, 2025risk 0.00cvss —epss 0.00
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system…
- CVE-2025-20146Mar 12, 2025risk 0.00cvss —epss 0.01
A vulnerability in the Layer 3 multicast feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a…
- CVE-2025-20145Mar 12, 2025risk 0.00cvss —epss 0.00
A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability exists because certain packets are handled incorrectly when they are…
- CVE-2025-20144Mar 12, 2025risk 0.00cvss —epss 0.00
A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect handling of packets when a specific configuration of…
- CVE-2025-20143Mar 12, 2025risk 0.00cvss —epss 0.00
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. To exploit this vulnerability, the attacker must have…
- CVE-2025-20142Mar 12, 2025risk 0.00cvss —epss 0.01
A vulnerability in the IPv4 access control list (ACL) feature and quality of service (QoS) policy feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers…
- CVE-2025-20141Mar 12, 2025risk 0.00cvss —epss 0.00
A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR…
- CVE-2025-20138Mar 12, 2025risk 0.00cvss —epss 0.00
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are…
- CVE-2025-20115Mar 12, 2025risk 0.00cvss —epss 0.01
A vulnerability in confederation implementation for the Border Gateway Protocol (BGP) in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to a memory corruption that occurs when…
- CVE-2022-48610Mar 10, 2025risk 0.00cvss —epss 0.00
This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2. An app may be able to access user-sensitive data.
- CVE-2024-54558Mar 10, 2025risk 0.00cvss —epss 0.00
A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to trick a user into granting access to photos from the user's photo library.
- CVE-2025-20208Mar 5, 2025risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input…
- CVE-2025-20206Mar 5, 2025risk 0.00cvss —epss 0.00
A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostScan, is installed on Cisco…
- CVE-2020-3122Mar 4, 2025risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to obtain sensitive network information.
- CVE-2025-25939Mar 3, 2025risk 0.00cvss —epss 0.00
Reprise License Manager 14.2 is vulnerable to reflected cross-site scripting in /goform/activate_process via the akey parameter.
- CVE-2025-20119Feb 26, 2025risk 0.00cvss —epss 0.00
A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials. …
- CVE-2025-20118Feb 26, 2025risk 0.00cvss —epss 0.00
A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. …
- CVE-2025-20117Feb 26, 2025risk 0.00cvss —epss 0.00
A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. …
- CVE-2025-20116Feb 26, 2025risk 0.00cvss —epss 0.00
A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper input…
- CVE-2025-27091Feb 20, 2025risk 0.00cvss —epss 0.01
OpenH264 is a free license codec library which supports H.264 encoding and decoding. A vulnerability in the decoding functions of OpenH264 codec library could allow a remote, unauthenticated attacker to trigger a heap overflow. This vulnerability is due to a race condition…
- CVE-2025-20153Feb 19, 2025risk 0.00cvss —epss 0.00
A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device. This vulnerability is due to…
- CVE-2025-20158Feb 19, 2025risk 0.00cvss —epss 0.00
A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative…
- CVE-2020-3432Feb 11, 2025risk 0.00cvss —epss 0.00
A vulnerability in the uninstaller component of Cisco AnyConnect Secure Mobility Client for Mac OS could allow an authenticated, local attacker to corrupt the content of any file in the filesystem. The vulnerability is due to the incorrect handling of directory paths. An…
- CVE-2025-20169Feb 5, 2025risk 0.00cvss —epss 0.01
A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker…
- CVE-2025-20175Feb 5, 2025risk 0.00cvss —epss 0.01
A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker…
- CVE-2025-20174Feb 5, 2025risk 0.00cvss —epss 0.01
A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker…
- CVE-2025-20170Feb 5, 2025risk 0.00cvss —epss 0.01
A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker…
- CVE-2025-20171Feb 5, 2025risk 0.00cvss —epss 0.01
A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker…
Page 93 of 145