Filtered by vendor Cisco
Subscribe
Total
6073 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-4545 | 1 Cisco | 1 Unity | 2023-12-10 | 4.0 MEDIUM | N/A |
Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8 uses weak permissions for the D:\CommServer\Reports directory, which allows remote authenticated users to obtain sensitive information by reading files in this directory. | |||||
CVE-2009-2861 | 1 Cisco | 2 Aironet Ap1100, Aironet Ap1200 | 2023-12-10 | 7.3 HIGH | N/A |
The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Lightweight Access Point 1100 and 1200 devices does not properly implement access-point association, which allows remote attackers to spoof a controller and cause a denial of service (service outage) via crafted remote radio management (RRM) packets, aka "SkyJack" or Bug ID CSCtb56664. | |||||
CVE-2008-3805 | 1 Cisco | 1 Ios | 2023-12-10 | 8.5 HIGH | N/A |
Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3806. | |||||
CVE-2008-3815 | 1 Cisco | 2 Asa 5500, Pix | 2023-12-10 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors. | |||||
CVE-2008-4963 | 1 Cisco | 2 Catos, Ios | 2023-12-10 | 7.1 HIGH | N/A |
Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implementation on Cisco IOS and CatOS, when the VTP operating mode is not transparent, allows remote attackers to cause a denial of service (device reload or hang) via a crafted VTP packet sent to a switch interface configured as a trunk port. | |||||
CVE-2009-1157 | 1 Cisco | 2 Adaptive Security Appliance 5500, Pix | 2023-12-10 | 7.8 HIGH | N/A |
Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)30, 8.0 before 8.0(4)28, and 8.1 before 8.1(2)19 allows remote attackers to cause a denial of service (memory consumption or device reload) via a crafted TCP packet. | |||||
CVE-2009-2863 | 1 Cisco | 1 Ios | 2023-12-10 | 7.1 HIGH | N/A |
Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227. | |||||
CVE-2008-4609 | 12 Bsd, Bsdi, Cisco and 9 more | 22 Bsd, Bsd Os, Catalyst Blade Switch 3020 and 19 more | 2023-12-10 | 7.1 HIGH | N/A |
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. | |||||
CVE-2009-4118 | 1 Cisco | 1 Vpn Client | 2023-12-10 | 2.1 LOW | N/A |
The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running. | |||||
CVE-2009-0636 | 1 Cisco | 1 Ios | 2023-12-10 | 7.8 HIGH | N/A |
Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP voice services are enabled, allows remote attackers to cause a denial of service (device crash) via a valid SIP message. | |||||
CVE-2008-6280 | 1 Cisco | 1 Wrt160n | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in apply.cgi on the Linksys WRT160N allows remote attackers to inject arbitrary web script or HTML via the action parameter in a DHCP_Static operation. | |||||
CVE-2009-2870 | 1 Cisco | 1 Ios | 2023-12-10 | 7.8 HIGH | N/A |
Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when the Cisco Unified Border Element feature is enabled, allows remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCsx25880. | |||||
CVE-2008-0537 | 1 Cisco | 5 7600 Router, Catalyst 6500, Me 6524 Ethernet Switch and 2 more | 2023-12-10 | 7.1 HIGH | N/A |
Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors. | |||||
CVE-2009-0059 | 1 Cisco | 5 4400 Wireless Lan Controller, Catalyst 3750 Series Integrated Wireless Lan Controller, Catalyst 6500 Series Integrated Wireless Lan Controller and 2 more | 2023-12-10 | 7.8 HIGH | N/A |
The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.2.x before 5.2.157.0 allow remote attackers to cause a denial of service (device reload) via a web authentication (aka WebAuth) session that includes a malformed POST request to login.html. | |||||
CVE-2009-2866 | 1 Cisco | 1 Ios | 2023-12-10 | 7.8 HIGH | N/A |
Unspecified vulnerability in Cisco IOS 12.2 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet, aka Bug ID CSCsz38104. | |||||
CVE-2009-2862 | 1 Cisco | 1 Ios | 2023-12-10 | 4.3 MEDIUM | N/A |
The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to bypass intended access restrictions via crafted requests, aka Bug IDs CSCsx07114, CSCsu70214, CSCsw47076, CSCsv48603, CSCsy54122, and CSCsu50252. | |||||
CVE-2009-2977 | 1 Cisco | 1 Cs-mars | 2023-12-10 | 3.3 LOW | N/A |
The Cisco Security Monitoring, Analysis and Response System (CS-MARS) 6.0.4 and earlier stores cleartext passwords in log/sysbacktrace.## files within error-logs.tar.gz archives, which allows context-dependent attackers to obtain sensitive information by reading these files. | |||||
CVE-2008-2054 | 1 Cisco | 1 Ciscoworks Common Services | 2023-12-10 | 9.3 HIGH | N/A |
Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 through 3.1.1 allows remote attackers to execute arbitrary code on a client machine via unknown vectors. | |||||
CVE-2008-3819 | 1 Cisco | 4 Gss 4480 Global Site Selector, Gss 4490 Global Site Selector, Gss 4491 Global Site Selector and 1 more | 2023-12-10 | 5.0 MEDIUM | N/A |
dnsserver in Cisco Application Control Engine Global Site Selector (GSS) before 3.0(1) allows remote attackers to cause a denial of service (daemon crash) via a series of crafted DNS requests, aka Bug ID CSCsj70093. | |||||
CVE-2008-1155 | 1 Cisco | 1 Network Admission Control | 2023-12-10 | 10.0 HIGH | N/A |
Cisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before 3.6.4.4, 4.0.x before 4.0.6, and 4.1.x before 4.1.2 allows remote attackers to obtain the shared secret for the Clean Access Server (CAS) and Clean Access Manager (CAM) by sniffing error logs. |