Filtered by vendor Cisco
Subscribe
Total
6226 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4267 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus09940. | |||||
| CVE-2014-8022 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity Services Engine allow remote attackers to inject arbitrary web script or HTML via input to unspecified web pages, aka Bug IDs CSCur69835 and CSCur69776. | |||||
| CVE-2016-1411 | 1 Cisco | 3 Content Security Management Appliance, Email Security Appliance, Web Security Appliance | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information: CSCul88715, CSCul94617, CSCul94627. Known Affected Releases: 7.5.2-201 7.6.3-025 8.0.1-023 8.5.0-000 8.5.0-ER1-198 7.5.2-HP2-303 7.7.0-608 7.7.5-835 8.5.1-021 8.8.0-000 7.9.1-102 8.0.0-404 8.1.1-013 8.2.0-222. Known Fixed Releases: 8.0.2-069 8.0.2-074 8.5.7-042 9.1.0-032 8.5.2-027 9.6.1-019. | |||||
| CVE-2014-3355 | 1 Cisco | 1 Ios Xe | 2025-04-12 | 7.8 HIGH | N/A |
| The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCug75942. | |||||
| CVE-2014-2147 | 1 Cisco | 1 Prime Infrastructure | 2025-04-12 | 4.3 MEDIUM | N/A |
| The web interface in Cisco Prime Infrastructure 2.1 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuj42444. | |||||
| CVE-2014-2198 | 1 Cisco | 2 Unified Cdm Platform Software, Unified Communications Domain Manager | 2025-04-12 | 10.0 HIGH | N/A |
| Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the support and root accounts by extracting this key from a binary file found in a different installation of the product, aka Bug ID CSCud41130. | |||||
| CVE-2015-0725 | 1 Cisco | 2 Videoscape Distribution Suite For Internet Streaming, Videoscape Distribution Suite Service Broker | 2025-04-12 | 7.8 HIGH | N/A |
| Cisco Videoscape Distribution Suite Service Broker (aka VDS-SB), when a VDSM configuration on UCS is used, and Videoscape Distribution Suite for Internet Streaming (aka VDS-IS or CDS-IS) before 3.3.1 R7 and 4.x before 4.0.0 R4 allow remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka Bug IDs CSCus79834 and CSCuu63409. | |||||
| CVE-2015-0611 | 1 Cisco | 3 Telepresence Ix5000, Telepresence Ix5200, Telepresence System Software Ix | 2025-04-12 | 6.5 MEDIUM | N/A |
| The administrative web-management portal in Cisco IX 8 (.0.1) and earlier on Cisco TelePresence IX5000 devices does not properly restrict the device-recovery account's access, which allows remote authenticated users to obtain HelpDesk-equivalent privileges by leveraging device-recovery authentication, aka Bug ID CSCus74174. | |||||
| CVE-2013-5567 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 5.4 MEDIUM | N/A |
| Cisco Adaptive Security Appliance (ASA) Software 8.4(.6) and earlier, when using an unsupported configuration with overlapping criteria for filtering and inspection, allows remote attackers to cause a denial of service (traffic loop and device crash) via a packet that triggers multiple matches, aka Bug ID CSCui45606. | |||||
| CVE-2014-8012 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via crafted attributes in a cookie, aka Bug ID CSCuh24695. | |||||
| CVE-2016-9223 | 1 Cisco | 1 Cloudcenter Orchestrator | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privileges on the affected system. Affected Products: This vulnerability affect all releases of Cisco CloudCenter Orchestrator (CCO) deployments where the Docker Engine TCP port 2375 is open on the system and bound to local address 0.0.0.0 (any interface). | |||||
| CVE-2016-1374 | 1 Cisco | 1 Unified Computing System Performance Manager | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
| The web framework in Cisco Unified Computing System (UCS) Performance Manager 2.0.0 and earlier allows remote authenticated users to execute arbitrary commands via crafted parameters in a GET request, aka Bug ID CSCuy07827. | |||||
| CVE-2015-6392 | 1 Cisco | 40 Nexus 5010, Nexus 5020, Nexus 5548p and 37 more | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or (2) smart relay agent, aka Bug IDs CSCuq24603, CSCur93159, CSCus21693, and CSCut76171. | |||||
| CVE-2015-0673 | 1 Cisco | 1 Mobility Services Engine | 2025-04-12 | 4.0 MEDIUM | N/A |
| Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote authenticated users to discover the passwords of arbitrary users by (1) reading log files or (2) using an unspecified GUI feature, aka Bug ID CSCut24792. | |||||
| CVE-2015-6318 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2025-04-12 | 6.9 MEDIUM | N/A |
| Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 and X8.5.2 allows local users to write to arbitrary files via an unspecified symlink attack, aka Bug ID CSCuv11969. | |||||
| CVE-2014-3302 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | 5.8 MEDIUM | N/A |
| user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708. | |||||
| CVE-2014-8020 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | 5.0 MEDIUM | N/A |
| Cisco Unified Communication Domain Manager Platform Software allows remote attackers to cause a denial of service (CPU consumption, and performance degradation or service outage) via a flood of malformed TCP packets and UDP packets, aka Bug ID CSCup25276. | |||||
| CVE-2015-6266 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-12 | 5.0 MEDIUM | N/A |
| The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045. | |||||
| CVE-2016-1416 | 1 Cisco | 1 Prime Collaboration Provisioning | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513. | |||||
| CVE-2015-6289 | 1 Cisco | 4 800 Integrated Services Router, 819 Integrated Services Router, 829 Integrated Services Router and 1 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476. | |||||