Filtered by vendor Cisco
Subscribe
Total
6218 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1388 | 1 Cisco | 3 Network Analysis Module, Prime Network Analysis Module Software, Prime Virtual Network Analysis Module Software | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21882. | |||||
| CVE-2015-0728 | 1 Cisco | 1 Secure Access Control System | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco Access Control Server (ACS) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuu11002. | |||||
| CVE-2015-4330 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2025-04-12 | 6.9 MEDIUM | N/A |
| A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556. | |||||
| CVE-2016-1361 | 1 Cisco | 5 Ios Xr, Xr 12404, Xr 12406 and 2 more | 2025-04-12 | 4.6 MEDIUM | 5.3 MEDIUM |
| Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for a Bidirectional Forwarding Detection (BFD) header in a UDP packet, which allows remote attackers to cause a denial of service (line-card restart) via a crafted packet, aka Bug ID CSCuw56900. | |||||
| CVE-2014-3315 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308. | |||||
| CVE-2015-0762 | 1 Cisco | 1 Unified Meetingplace | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) for Microsoft Outlook allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCuu51400. | |||||
| CVE-2015-4190 | 1 Cisco | 1 Prime Service Catalog | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on Cloud Portal appliances allows man-in-the-middle attackers to modify data via unspecified vectors, aka Bug ID CSCuh19683. | |||||
| CVE-2014-3368 | 1 Cisco | 2 Expressway Software, Telepresence Video Communication Server Software | 2025-04-12 | 7.8 HIGH | N/A |
| Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.2 allow remote attackers to cause a denial of service (device reload) via a high rate of crafted packets, aka Bug ID CSCui06507. | |||||
| CVE-2015-0697 | 1 Cisco | 1 Telepresence Tc Software | 2025-04-12 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuq94980. | |||||
| CVE-2015-6329 | 1 Cisco | 1 Prime Collaboration Provisioning | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut64074. | |||||
| CVE-2016-1356 | 1 Cisco | 1 Firesight System Software | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
| Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615. | |||||
| CVE-2016-1428 | 1 Cisco | 1 Ios Xe | 2025-04-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| Double free vulnerability in Cisco IOS XE 3.15S, 3.16S, and 3.17S allows remote authenticated users to cause a denial of service (device restart) via a sequence of crafted SNMP read requests, aka Bug ID CSCux13174. | |||||
| CVE-2014-3269 | 1 Cisco | 1 Ios Xe | 2025-04-12 | 6.8 MEDIUM | N/A |
| The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204. | |||||
| CVE-2016-1427 | 1 Cisco | 1 Prime Network Registrar | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694. | |||||
| CVE-2014-2144 | 1 Cisco | 1 Ios Xr | 2025-04-12 | 6.1 MEDIUM | N/A |
| Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CSCum14266. | |||||
| CVE-2014-3327 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | 7.8 HIGH | N/A |
| The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.2.xXO, 3.3.xSG, 3.4.xSG, and 3.5.xE before 3.5.3E allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCup52101. | |||||
| CVE-2015-4458 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 4.3 MEDIUM | N/A |
| The TLS implementation in the Cavium cryptographic-module firmware, as distributed with Cisco Adaptive Security Appliance (ASA) Software 9.1(5.21) and other products, does not verify the MAC field, which allows man-in-the-middle attackers to spoof TLS content by modifying packets, aka Bug ID CSCuu52976. | |||||
| CVE-2016-1328 | 1 Cisco | 2 Epc3928, Epc3928 Firmware | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| goform/WClientMACList on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long h_sortWireless parameter, related to a "Gateway Client List Denial of Service" issue, aka Bug ID CSCux24948. | |||||
| CVE-2015-6433 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767. | |||||
| CVE-2015-4331 | 1 Cisco | 1 Prime Infrastructure | 2025-04-12 | 3.5 LOW | N/A |
| Cisco Prime Infrastructure (PI) 1.4(0.45) and earlier, when AAA authentication is used, allows remote authenticated users to bypass intended access restrictions via a username with a modified composition of lowercase and uppercase characters, aka Bug ID CSum59958. | |||||