Filtered by vendor Cisco
Subscriptions
Total
6617 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3345 | 1 Cisco | 1 Transport Gateway Installation Software | 2025-04-12 | N/A |
| The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 does not properly check authorization for administrative web pages, which allows remote attackers to modify the product via a crafted URL, aka Bug ID CSCuq31503. | ||||
| CVE-2014-3356 | 1 Cisco | 1 Ios Xe | 2025-04-12 | N/A |
| The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCue22753. | ||||
| CVE-2014-3373 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCup92550. | ||||
| CVE-2015-6297 | 1 Cisco | 7 Asr 9001, Asr 9006, Asr 9010 and 4 more | 2025-04-12 | N/A |
| The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun36525. | ||||
| CVE-2014-3327 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | N/A |
| The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.2.xXO, 3.3.xSG, 3.4.xSG, and 3.5.xE before 3.5.3E allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCup52101. | ||||
| CVE-2015-6299 | 1 Cisco | 1 Unity Connection | 2025-04-12 | N/A |
| SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug ID CSCuv63824. | ||||
| CVE-2015-6300 | 1 Cisco | 1 Secure Access Control Server | 2025-04-12 | N/A |
| Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694. | ||||
| CVE-2015-6302 | 1 Cisco | 1 Wireless Lan Controller Software | 2025-04-12 | N/A |
| The RADIUS functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.0(250.0) and 7.0(252.0) allows remote attackers to disconnect arbitrary sessions via crafted Disconnect-Request UDP packets, aka Bug ID CSCuw29419. | ||||
| CVE-2015-6304 | 1 Cisco | 1 Telepresence Server Software | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Server software 3.0(2.24) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCut63718, CSCut63724, and CSCut63760. | ||||
| CVE-2015-6306 | 3 Apple, Cisco, Linux | 3 Mac Os X, Anyconnect Secure Mobility Client, Linux Kernel | 2025-04-12 | N/A |
| Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root privileges via a crafted installation file, aka Bug ID CSCuv11947. | ||||
| CVE-2015-6307 | 1 Cisco | 1 Firepower | 2025-04-12 | N/A |
| Cisco FirePOWER (formerly Sourcefire) 7000 and 8000 devices with software 5.4.0.1 allow remote attackers to cause a denial of service (inspection-engine outage) via crafted packets, aka Bug ID CSCuu10871. | ||||
| CVE-2015-6308 | 1 Cisco | 1 Nx-os | 2025-04-12 | N/A |
| Cisco NX-OS 6.0(2)U6(0.46) on N3K devices allows remote authenticated users to cause a denial of service (temporary SNMP outage) via an SNMP request for an OID that does not exist, aka Bug ID CSCuw36684. | ||||
| CVE-2014-3336 | 1 Cisco | 1 Unity Connection | 2025-04-12 | N/A |
| SQL injection vulnerability in the web framework in Cisco Unity Connection 9.1(2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted request, aka Bug ID CSCuq31016. | ||||
| CVE-2015-6311 | 1 Cisco | 1 Wireless Lan Controller | 2025-04-12 | N/A |
| Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i management data to a managed access point, aka Bug ID CSCub65236. | ||||
| CVE-2016-6362 | 1 Cisco | 1 Aironet Access Point Software | 2025-04-12 | N/A |
| Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.110.0, 8.2.12x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow local users to gain privileges via crafted CLI parameters, aka Bug ID CSCuz24725. | ||||
| CVE-2014-3320 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | N/A |
| Multiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted URLs for unspecified scripts, aka Bug ID CSCuo48835. | ||||
| CVE-2015-6316 | 1 Cisco | 1 Mobility Services Engine | 2025-04-12 | N/A |
| The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by entering this account's hardcoded password in an SSH session, aka Bug ID CSCuv40501. | ||||
| CVE-2015-6317 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-12 | N/A |
| Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926. | ||||
| CVE-2014-3337 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | N/A |
| The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that is not properly handled during processing of an XML document, aka Bug ID CSCtq76428. | ||||
| CVE-2014-3381 | 1 Cisco | 1 Asyncos | 2025-04-12 | N/A |
| The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the Cisco Email Security Appliance (ESA) does not properly analyze ZIP archives, which allows remote attackers to bypass malware filtering via a crafted archive, aka Bug ID CSCup07934. | ||||