Filtered by vendor Cisco
Subscribe
Total
6072 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8028 | 1 Cisco | 1 Secure Access Control System | 2017-09-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq79019. | |||||
| CVE-2014-8027 | 1 Cisco | 1 Secure Access Control System | 2017-09-08 | 6.5 MEDIUM | N/A |
| The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034. | |||||
| CVE-2014-8023 | 1 Cisco | 1 Adaptive Security Appliance Software | 2017-09-08 | 4.0 MEDIUM | N/A |
| Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users to bypass intended resource-access restrictions via a crafted tunnel-group parameter, aka Bug ID CSCtz48533. | |||||
| CVE-2014-8022 | 1 Cisco | 1 Identity Services Engine Software | 2017-09-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity Services Engine allow remote attackers to inject arbitrary web script or HTML via input to unspecified web pages, aka Bug IDs CSCur69835 and CSCur69776. | |||||
| CVE-2014-8021 | 1 Cisco | 2 Anyconnect Secure Mobility Client, Hostscan Engine | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-path URL, aka Bug IDs CSCup82990 and CSCuq80149. | |||||
| CVE-2014-8020 | 1 Cisco | 1 Unified Communications Domain Manager | 2017-09-08 | 5.0 MEDIUM | N/A |
| Cisco Unified Communication Domain Manager Platform Software allows remote attackers to cause a denial of service (CPU consumption, and performance degradation or service outage) via a flood of malformed TCP packets and UDP packets, aka Bug ID CSCup25276. | |||||
| CVE-2014-8005 | 1 Cisco | 1 Ios Xr | 2017-09-08 | 5.0 MEDIUM | N/A |
| Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239. | |||||
| CVE-2014-8004 | 1 Cisco | 1 Ios Xr | 2017-09-08 | 5.0 MEDIUM | N/A |
| Cisco IOS XR allows remote attackers to cause a denial of service (LISP process reload) by establishing many LISP TCP sessions, aka Bug ID CSCuq90378. | |||||
| CVE-2014-8000 | 1 Cisco | 1 Unified Communications Manager Im And Presence Service | 2017-09-08 | 5.0 MEDIUM | N/A |
| Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497. | |||||
| CVE-2014-7998 | 1 Cisco | 21 Aironet 1040, Aironet 1140, Aironet 1260 and 18 more | 2017-09-08 | 7.1 HIGH | N/A |
| Cisco IOS on Aironet access points, when "dot11 aaa authenticator" debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509. | |||||
| CVE-2014-7997 | 1 Cisco | 21 Aironet 1040, Aironet 1140, Aironet 1260 and 18 more | 2017-09-08 | 6.1 MEDIUM | N/A |
| The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by triggering a transition into a recovery state that was intended to involve a network-interface restart but actually involves a full device restart, aka Bug ID CSCtn16281. | |||||
| CVE-2014-7996 | 1 Cisco | 1 Unified Computing System | 2017-09-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477. | |||||
| CVE-2014-7992 | 1 Cisco | 1 Ios | 2017-09-08 | 5.0 MEDIUM | N/A |
| The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014. | |||||
| CVE-2014-7991 | 1 Cisco | 1 Unified Communications Manager | 2017-09-08 | 4.3 MEDIUM | N/A |
| The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376. | |||||
| CVE-2014-7990 | 1 Cisco | 4 Air-ct5760, Ios Xe, Ws-c3850 and 1 more | 2017-09-08 | 6.8 MEDIUM | N/A |
| Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the "request system shell" challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815. | |||||
| CVE-2014-7989 | 1 Cisco | 8 B200 M3, B200 M4, B22 M3 and 5 more | 2017-09-08 | 6.8 MEDIUM | N/A |
| Cisco Unified Computing System on B-Series blade servers allows local users to gain shell privileges via a crafted (1) ping6 or (2) traceroute6 command, aka Bug ID CSCuq38176. | |||||
| CVE-2014-7988 | 1 Cisco | 1 Unity Connection | 2017-09-08 | 4.0 MEDIUM | N/A |
| The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and earlier allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCur06493. | |||||
| CVE-2016-6435 | 1 Cisco | 1 Firepower Management Center | 2017-09-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376. | |||||
| CVE-2016-6434 | 1 Cisco | 1 Firepower Management Center | 2017-09-03 | 4.6 MEDIUM | 7.8 HIGH |
| Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370. | |||||
| CVE-2016-1464 | 1 Cisco | 1 Webex Wrf Player T29 | 2017-09-03 | 9.3 HIGH | 7.8 HIGH |
| Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375. | |||||