Filtered by vendor Cisco
Subscribe
Total
6218 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2172 | 1 Cisco | 2 Telepresence Tc Software, Telepresence Te Software | 2025-04-12 | 6.6 MEDIUM | N/A |
| Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows local users to gain privileges by leveraging improper handling of the u-boot compiler flag for internal executable files, aka Bug ID CSCub67693. | |||||
| CVE-2016-9192 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. More Information: CSCvb68043. Known Affected Releases: 4.3(2039) 4.3(748). Known Fixed Releases: 4.3(4019) 4.4(225). | |||||
| CVE-2015-4304 | 1 Cisco | 1 Prime Collaboration Assurance | 2025-04-12 | 9.0 HIGH | N/A |
| The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended access restrictions, and create administrative accounts or read data from arbitrary tenant domains, via a crafted URL, aka Bug IDs CSCus62671 and CSCus62652. | |||||
| CVE-2015-0767 | 1 Cisco | 2 Edge 340, Edge 340 Firmware | 2025-04-12 | 7.2 HIGH | N/A |
| Cisco Edge 300 software 1.0 and 1.1 on Edge 340 devices allows local users to obtain root privileges via unspecified commands, aka Bug ID CSCur18132. | |||||
| CVE-2016-1395 | 1 Cisco | 6 Rv110w Wireless-n Vpn Firewall, Rv110w Wireless-n Vpn Firewall Firmware, Rv130w Wireless-n Multifunction Vpn Router and 3 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428. | |||||
| CVE-2016-6372 | 1 Cisco | 3 Email Security Appliance, Web Security Appliance, Web Security Appliance 8.0.5 | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA on both virtual and hardware appliances that are configured with message or content filters to scan incoming email attachments. More Information: CSCuy54740, CSCuy75174. Known Affected Releases: 9.7.1-066 9.5.0-575 WSA10.0.0-000. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047. | |||||
| CVE-2015-4270 | 1 Cisco | 1 Firesight System Software | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.5 and 6.0.0 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuv22557, CSCuv22583, CSCuv22632, CSCuv22641, CSCuv22650, CSCuv22662, CSCuv22697, and CSCuv22702. | |||||
| CVE-2014-8026 | 1 Cisco | 1 Jabber Guest | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Guest Server in Cisco Jabber allows remote attackers to inject arbitrary web script or HTML via a (1) GET or (2) POST parameter, aka Bug ID CSCus08074. | |||||
| CVE-2016-1290 | 2 Cisco, Sun | 3 Evolved Programmable Network Manager, Prime Infrastructure, Opensolaris | 2025-04-12 | 5.5 MEDIUM | 8.1 HIGH |
| The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227. | |||||
| CVE-2014-2163 | 1 Cisco | 2 Telepresence Tc Software, Telepresence Te Software | 2025-04-12 | 7.8 HIGH | N/A |
| The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCua64961. | |||||
| CVE-2016-1476 | 1 Cisco | 2 Ip Phone 8800, Ip Phone 8800 Series Firmware | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024. | |||||
| CVE-2015-0658 | 1 Cisco | 35 Nexus 3016, Nexus 3048, Nexus 3064 and 32 more | 2025-04-12 | 7.9 HIGH | N/A |
| The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on the local network, aka Bug ID CSCur14589. | |||||
| CVE-2016-6459 | 1 Cisco | 1 Telepresence Tc Software | 2025-04-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0. | |||||
| CVE-2015-6321 | 1 Cisco | 3 Content Security Management Appliance, Email Security Appliance, Web Security Appliance | 2025-04-12 | 7.8 HIGH | N/A |
| Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security Appliance (ESA) devices; before 9.1.0-032, 9.1.1 before 9.1.1-005, and 9.5.x before 9.5.0-025 on Content Security Management Appliance (SMA) devices; and before 7.7.0-725 and 8.x before 8.0.8-113 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug IDs CSCus79774, CSCus79777, and CSCzv95795. | |||||
| CVE-2015-4198 | 1 Cisco | 1 Web Security Appliance | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified HTTP header, aka Bug ID CSCuu24409. | |||||
| CVE-2014-3333 | 1 Cisco | 1 Unity Connection | 2025-04-12 | 9.0 HIGH | N/A |
| The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files within the context of the web-server user account, aka Bug ID CSCup41014. | |||||
| CVE-2014-3267 | 1 Cisco | 1 Security Manager | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make unspecified changes, aka Bug ID CSCuo46427. | |||||
| CVE-2016-6469 | 1 Cisco | 1 Web Security Appliance | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the proxy process unexpectedly restarting. More Information: CSCvb04312. Known Affected Releases: 9.0.1-162 9.1.1-074. Known Fixed Releases: 10.1.0-129 9.1.2-010. | |||||
| CVE-2014-3388 | 1 Cisco | 1 Asa | 2025-04-12 | 7.8 HIGH | N/A |
| The DNS inspection engine in Cisco ASA Software 9.0 before 9.0(4.13), 9.1 before 9.1(5.7), and 9.2 before 9.2(2) allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCuo68327. | |||||
| CVE-2015-0593 | 1 Cisco | 1 Ios | 2025-04-12 | 7.1 HIGH | N/A |
| The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and earlier does not properly manage session-object structures, which allows remote attackers to cause a denial of service (device reload) via crafted network traffic, aka Bug ID CSCul65003. | |||||