Filtered by vendor Cisco
Subscribe
Total
6072 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0632 | 1 Cisco | 1 Unified Communications Manager | 2017-08-17 | 9.0 HIGH | N/A |
| The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unrelated to the intended synchronization task, as demonstrated by (1) DC Directory account credentials in CUCM 4.x and (2) TabSyncSysUser account credentials in CUCM 5.x through 7.x. | |||||
| CVE-2009-0630 | 1 Cisco | 1 Ios | 2017-08-17 | 7.1 HIGH | N/A |
| The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway Signaling Support Over Transport Layer Security (TLS) Transport; (3) Secure Signaling and Media Encryption; (4) Blocks Extensible Exchange Protocol (BEEP); (5) Network Admission Control HTTP Authentication Proxy; (6) Per-user URL Redirect for EAPoUDP, Dot1x, and MAC Authentication Bypass; (7) Distributed Director with HTTP Redirects; and (8) TCP DNS features in Cisco IOS 12.0 through 12.4 do not properly handle IP sockets, which allows remote attackers to cause a denial of service (outage or resource consumption) via a series of crafted TCP packets. | |||||
| CVE-2009-0619 | 1 Cisco | 1 Session Border Controller | 2017-08-17 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the Session Border Controller (SBC) before 3.0(2) for Cisco 7600 series routers allows remote attackers to cause a denial of service (SBC card reload) via crafted packets to TCP port 2000. | |||||
| CVE-2008-6280 | 1 Cisco | 1 Wrt160n | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in apply.cgi on the Linksys WRT160N allows remote attackers to inject arbitrary web script or HTML via the action parameter in a DHCP_Static operation. | |||||
| CVE-2016-1485 | 1 Cisco | 1 Identity Services Engine Software | 2017-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876) allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva46497. | |||||
| CVE-2016-1484 | 1 Cisco | 1 Webex Meetings Server | 2017-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass intended access restrictions and obtain sensitive application information via unspecified vectors, aka Bug ID CSCuy92724. | |||||
| CVE-2016-1479 | 1 Cisco | 2 Ip Phone 8800, Ip Phone 8800 Series Firmware | 2017-08-16 | 7.8 HIGH | 7.5 HIGH |
| Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038. | |||||
| CVE-2016-1478 | 1 Cisco | 1 Ios | 2017-08-16 | 7.8 HIGH | 7.5 HIGH |
| Cisco IOS 15.5(3)S3, 15.6(1)S2, 15.6(2)S1, and 15.6(2)T1 does not properly dequeue invalid NTP packets, which allows remote attackers to cause a denial of service (interface wedge) by sending many crafted NTP packets, aka Bug ID CSCva35619. | |||||
| CVE-2016-1476 | 1 Cisco | 2 Ip Phone 8800, Ip Phone 8800 Series Firmware | 2017-08-16 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024. | |||||
| CVE-2016-1474 | 1 Cisco | 1 Prime Infrastructure | 2017-08-16 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuw65846, a different vulnerability than CVE-2015-6434. | |||||
| CVE-2016-1468 | 1 Cisco | 1 Telepresence Video Communication Server | 2017-08-16 | 6.5 MEDIUM | 8.8 HIGH |
| The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCuv12531. | |||||
| CVE-2016-1466 | 1 Cisco | 1 Unified Communications Manager Im And Presence Service | 2017-08-16 | 7.8 HIGH | 7.5 HIGH |
| Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1, and 11.5(1) allows remote attackers to cause a denial of service (sipd process restart) via crafted headers in a SIP packet, aka Bug ID CSCva39072. | |||||
| CVE-2016-1457 | 1 Cisco | 1 Firepower Management Center | 2017-08-16 | 9.0 HIGH | 8.8 HIGH |
| The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513. | |||||
| CVE-2016-1430 | 1 Cisco | 4 Rv180 Vpn Router, Rv180 Vpn Router Firmware, Rv180w Vpn Router and 1 more | 2017-08-16 | 9.0 HIGH | 8.8 HIGH |
| Cisco RV180 and RV180W devices allow remote authenticated users to execute arbitrary commands as root via a crafted HTTP request, aka Bug ID CSCuz48592. | |||||
| CVE-2016-1429 | 1 Cisco | 4 Rv180 Vpn Router, Rv180 Vpn Router Firmware, Rv180w Wireless-n Multifunction Vpn Router and 1 more | 2017-08-16 | 7.8 HIGH | 7.5 HIGH |
| Directory traversal vulnerability in the web interface on Cisco RV180 and RV180W devices allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuz43023. | |||||
| CVE-2016-1419 | 1 Cisco | 2 Aironet, Aironet Access Point Software | 2017-08-16 | 6.8 MEDIUM | 8.1 HIGH |
| Cisco Access Point devices with software 8.2(102.43) allow remote attackers to cause a denial of service (device reload) via crafted ARP packets, aka Bug ID CSCuy55803. | |||||
| CVE-2016-1409 | 1 Cisco | 4 Ios, Ios Xe, Ios Xr and 1 more | 2017-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016. | |||||
| CVE-2016-1365 | 1 Cisco | 1 Application Policy Infrastructure Controller Enterprise Module | 2017-08-16 | 8.5 HIGH | 8.8 HIGH |
| The Grapevine update process in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0 allows remote authenticated users to execute arbitrary commands as root via a crafted upgrade parameter, aka Bug ID CSCux15507. | |||||
| CVE-2015-6397 | 1 Cisco | 6 Rv110w Wireless-n Vpn Firewall, Rv110w Wireless-n Vpn Firewall Firmware, Rv130w Wireless-n Multifunction Vpn Router and 3 more | 2017-08-16 | 9.0 HIGH | 8.8 HIGH |
| Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that account, aka Bug IDs CSCuv90139, CSCux58175, and CSCux73557. | |||||
| CVE-2016-1473 | 1 Cisco | 1 Small Business 220 Series Smart Plus Switches | 2017-08-13 | 10.0 HIGH | 9.8 CRITICAL |
| Cisco Small Business 220 devices with firmware before 1.0.1.1 have a hardcoded SNMP community, which allows remote attackers to read or modify SNMP objects by leveraging knowledge of this community, aka Bug ID CSCuz76216. | |||||