Filtered by vendor Cisco
Subscriptions
Total
6617 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-6452 | 1 Cisco | 1 Prime Home | 2025-04-12 | N/A |
| A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. Cisco Prime Home versions 5.1.1.6 and earlier and 5.2.2.2 and earlier have been confirmed to be vulnerable. Cisco Prime Home versions 6.0 and later are not vulnerable. More Information: CSCvb71732. Known Affected Releases: 5.0 5.0(1) 5.0(1.1) 5.0(1.2) 5.0(2) 5.15.1(0) 5.1(1) 5.1(1.3) 5.1(1.4) 5.1(1.5) 5.1(1.6) 5.1(2) 5.1(2.1) 5.1(2.3) 5.25.2(0.1) 5.2(1.0) 5.2(1.2) 5.2(2.0) 5.2(2.1) 5.2(2.2). | ||||
| CVE-2016-6419 | 1 Cisco | 1 Secure Firewall Management Center | 2025-04-12 | N/A |
| SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485. | ||||
| CVE-2014-3308 | 1 Cisco | 8 Asr 9000 Rsp440 Router, Asr 9001, Asr 9006 and 5 more | 2025-04-12 | N/A |
| Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka Bug ID CSCun83985. | ||||
| CVE-2014-3305 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735. | ||||
| CVE-2014-3302 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | N/A |
| user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708. | ||||
| CVE-2014-3342 | 1 Cisco | 2 Cli, Ios Xr | 2025-04-12 | N/A |
| The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383. | ||||
| CVE-2014-3287 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL, aka Bug ID CSCuo17337. | ||||
| CVE-2014-3280 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | N/A |
| The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page, aka Bug IDs CSCun46045 and CSCun46116. | ||||
| CVE-2014-3293 | 1 Cisco | 2 Asr901, Ios | 2025-04-12 | N/A |
| Cisco IOS 15.4(3)S0b on ASR901 devices makes incorrect decisions to use the CPU for IPv4 packet processing, which allows remote attackers to cause a denial of service (BGP neighbor flapping) by sending many crafted IPv4 packets, aka Bug ID CSCuo29736. | ||||
| CVE-2014-3277 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | N/A |
| The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive user and group information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum77005. | ||||
| CVE-2014-3300 | 1 Cisco | 2 Unified Cdm Application Software, Unified Communications Domain Manager | 2025-04-12 | N/A |
| The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows remote attackers to modify user information via a crafted URL, aka Bug ID CSCum77041. | ||||
| CVE-2014-3311 | 1 Cisco | 2 Webex Meeting Center, Webex Meetings Server | 2025-04-12 | N/A |
| Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467. | ||||
| CVE-2014-3261 | 1 Cisco | 27 Cg-os, Cgr 1120, Cgr 1240 and 24 more | 2025-04-12 | N/A |
| Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before 5.1(3)N1(1) on Nexus 5000 devices, NX-OS 5.2 before 5.2(3a) on Nexus 7000 devices, and CG-OS CG4 before CG4(2) on Connected 1000 Connected Grid Routers allows remote SMTP servers to execute arbitrary code via a crafted reply, aka Bug IDs CSCtk00695, CSCts56633, CSCts56632, CSCts56628, CSCug14405, and CSCuf61322. | ||||
| CVE-2016-1389 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | N/A |
| Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuy44695. | ||||
| CVE-2014-3266 | 1 Cisco | 1 Security Manager | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun65189. | ||||
| CVE-2016-1393 | 1 Cisco | 1 Cloud Network Automation Provisioner | 2025-04-12 | N/A |
| SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175. | ||||
| CVE-2014-3267 | 1 Cisco | 1 Security Manager | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make unspecified changes, aka Bug ID CSCuo46427. | ||||
| CVE-2016-1288 | 1 Cisco | 1 Web Security Appliance | 2025-04-12 | N/A |
| The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x before 9.0.0-485 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (service outage) by leveraging certain intranet connectivity and sending a malformed HTTPS request, aka Bug ID CSCuu24840. | ||||
| CVE-2014-3276 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-12 | N/A |
| Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial of service (RADIUS outage) by sourcing these packets from two origins, aka Bug ID CSCuo56780. | ||||
| CVE-2014-3312 | 1 Cisco | 16 Spa901 1-line Ip Phone, Spa922 1-line Ip Phone With 1-port Ethernet, Spa941 4-line Ip Phone With 1-port Ethernet and 13 more | 2025-04-12 | N/A |
| The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435. | ||||