Filtered by vendor Cisco
Subscribe
Total
6237 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9212 | 1 Cisco | 1 Web Security Appliance | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WSA is configured to block connections to the website. Affected Products: This vulnerability affects Cisco Web Security Appliances if the HTTPS decryption options are enabled and configured for the device to block connections to certain websites. More Information: CSCvb49012. Known Affected Releases: 9.0.1-162 9.1.1-074. | |||||
| CVE-2014-3294 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | 4.0 MEDIUM | N/A |
| Cisco WebEx Meeting Server does not properly restrict the content of URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81691. | |||||
| CVE-2015-6324 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 7.1 HIGH | N/A |
| The DHCPv6 relay implementation in Cisco Adaptive Security Appliance (ASA) software 9.0 before 9.0(4.37), 9.1 before 9.1(6.6), 9.2 before 9.2(4), 9.3 before 9.3(3.5), and 9.4 before 9.4(2) allows remote attackers to cause a denial of service (device reload) via crafted DHCPv6 packets, aka Bug IDs CSCus56252 and CSCus57142. | |||||
| CVE-2016-9199 | 1 Cisco | 1 Iox | 2025-04-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. Affected Products: This vulnerability affects specific releases of the Cisco IOx subsystem of Cisco IOS and IOS XE Software. More Information: CSCvb23331. Known Affected Releases: 15.2(6.0.57i)E CAF-1.1.0.0. | |||||
| CVE-2015-6298 | 1 Cisco | 1 Web Security Appliance | 2025-04-12 | 9.0 HIGH | N/A |
| The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments, aka Bug ID CSCus83445. | |||||
| CVE-2014-7990 | 1 Cisco | 4 Air-ct5760, Ios Xe, Ws-c3850 and 1 more | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the "request system shell" challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815. | |||||
| CVE-2015-0588 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055. | |||||
| CVE-2015-0659 | 1 Cisco | 1 Ios | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS allows remote attackers to trigger self-referential adjacencies via a crafted Autonomic Networking (AN) message, aka Bug ID CSCup62157. | |||||
| CVE-2015-6408 | 1 Cisco | 1 Unity Connection | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578. | |||||
| CVE-2013-3068 | 1 Cisco | 2 Linksys Wrt310n Router Firmware, Linksys Wrt350n | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports. | |||||
| CVE-2016-1420 | 1 Cisco | 2 Application Infrastructure Controller, Application Policy Infrastructure Controller Firmware | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347. | |||||
| CVE-2015-4194 | 1 Cisco | 1 Webex Meeting Center | 2025-04-12 | 5.0 MEDIUM | N/A |
| The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate account names and obtain sensitive information via a series of requests, aka Bug ID CSCuf28861. | |||||
| CVE-2015-0726 | 1 Cisco | 1 Wireless Lan Controller Software | 2025-04-12 | 6.8 MEDIUM | N/A |
| The web administration interface on Cisco Wireless LAN Controller (WLC) devices before 7.0.241, 7.1.x through 7.4.x before 7.4.122, and 7.5.x and 7.6.x before 7.6.120 allows remote authenticated users to cause a denial of service (device crash) via unspecified parameters, aka Bug IDs CSCum65159 and CSCum65252. | |||||
| CVE-2014-2142 | 1 Cisco | 3 Cisco Ons 15454 System Software, Ons 15454, Ons 15454 System Software | 2025-04-12 | 5.0 MEDIUM | N/A |
| Cisco ONS 15454 controller cards with software 10.0 and earlier allow remote attackers to cause a denial of service (card reload) via a crafted HTTP URI, aka Bug ID CSCun06870. | |||||
| CVE-2014-7991 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376. | |||||
| CVE-2012-4651 | 1 Cisco | 1 Ios | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe Tower, aka Bug ID CSCub85451. | |||||
| CVE-2015-0668 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the administration portal in Cisco WebEx Meetings Server 2.5 and 2.5.99.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq66737. | |||||
| CVE-2015-4282 | 1 Cisco | 1 Mobility Services Engine | 2025-04-12 | 6.9 MEDIUM | N/A |
| Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID CSCuv40504. | |||||
| CVE-2016-9200 | 1 Cisco | 1 Prime Collaboration Assurance | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web framework code of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface. More Information: CSCut43268. Known Affected Releases: 10.5(1) 10.6. | |||||
| CVE-2015-6284 | 1 Cisco | 6 Telepresence Server 7010, Telepresence Server Mse 8710, Telepresence Server On Multiparty Media 310 and 3 more | 2025-04-12 | 7.8 HIGH | N/A |
| Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277. | |||||