Filtered by vendor Cisco
Total: 6237 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-1437 | 1 Cisco | 1 Prime Collaboration Deployment | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy92549. | |||||
CVE-2016-6373 | 1 Cisco | 1 Cloud Services Platform 2100 | 2025-04-12 | 9.0 HIGH | 7.2 HIGH |
The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva00541. | |||||
CVE-2015-6416 | 1 Cisco | 1 Unified Web And E-mail Interaction Manager | 2025-04-12 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuw24479. | |||||
CVE-2015-0759 | 1 Cisco | 1 Headend Digital Broadband Delivery System | 2025-04-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Cisco Headend Digital Broadband Delivery System allows remote attackers to hijack the authentication of arbitrary users. | |||||
CVE-2015-0614 | 1 Cisco | 1 Unity Connection | 2025-04-12 | 7.1 HIGH | N/A |
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul26267. | |||||
CVE-2016-1351 | 1 Cisco | 2 Ios, Nx-os | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.1 and 15.2 and NX-OS 4.1 through 6.2 allows remote attackers to cause a denial of service (device reload) via a crafted header in a packet, aka Bug ID CSCuu64279. | |||||
CVE-2015-4286 | 1 Cisco | 1 Unified Computing System Central Software | 2025-04-12 | 5.0 MEDIUM | N/A |
The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377. | |||||
CVE-2014-3262 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | 4.3 MEDIUM | N/A |
The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet drops) via malformed messages, aka Bug ID CSCun73782. | |||||
CVE-2015-0638 | 1 Cisco | 1 Ios | 2025-04-12 | 7.1 HIGH | N/A |
Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSCsi02145. | |||||
CVE-2015-4204 | 1 Cisco | 2 Cisco Ios, Ubr10000 Cable Modem Termination System | 2025-04-12 | 6.8 MEDIUM | N/A |
Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) module on uBR10000 devices allows remote authenticated users to cause a denial of service (memory consumption or PXF process crash) by sending docsIfMCmtsMib SNMP requests quickly, aka Bug ID CSCue65051. | |||||
CVE-2016-1421 | 1 Cisco | 2 Ip Phone, Ip Phone 8800 Series Firmware | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition. | |||||
CVE-2016-6436 | 1 Cisco | 1 Hostscan Engine | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz14682. | |||||
CVE-2014-3347 | 1 Cisco | 8 1801 Integrated Service Router, 1802 Integrated Service Router, 1803 Integrated Service Router and 5 more | 2025-04-12 | 5.4 MEDIUM | N/A |
Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection, leading to an invalid state of the hardware encryption module, aka Bug ID CSCul77897. | |||||
CVE-2016-1323 | 1 Cisco | 1 Spark | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
The REST interface in Cisco Spark 2015-06 allows remote authenticated users to obtain sensitive information via a request for an unspecified file, aka Bug ID CSCuv84048. | |||||
CVE-2015-4259 | 1 Cisco | 1 Unified Computing System | 2025-04-12 | 4.3 MEDIUM | N/A |
The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle attackers to bypass cryptographic protection mechanisms by leveraging knowledge of a private key, aka Bug IDs CSCum56133 and CSCum56177. | |||||
CVE-2014-2181 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 6.8 MEDIUM | N/A |
Cisco Adaptive Security Appliance (ASA) Software allows remote authenticated users to read files by sending a crafted URL to the HTTP server, as demonstrated by reading the running configuration, aka Bug ID CSCun78551. | |||||
CVE-2015-6362 | 1 Cisco | 1 Connected Grid Network Management System | 2025-04-12 | 4.0 MEDIUM | N/A |
The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640. | |||||
CVE-2014-8008 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 6.8 MEDIUM | N/A |
Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414. | |||||
CVE-2016-1477 | 1 Cisco | 1 Connected Streaming Analytics | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
Cisco Connected Streaming Analytics 1.1.1 allows remote authenticated users to discover a notification service password by reading administrative pages, aka Bug ID CSCuz92891. | |||||
CVE-2016-1359 | 1 Cisco | 1 Prime Infrastructure | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
Cisco Prime Infrastructure 3.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP request that is mishandled during viewing of a log file, aka Bug ID CSCuw81494. |