| CVE-2013-1134 |
high |
— |
7.1 |
|
|
cisco |
14y ago |
The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, … |
| CVE-2013-1133 |
high |
— |
7.8 |
|
|
cisco |
14y ago |
Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and 9.x before 9.0(1) allows remote attackers to cause a denial of service (CPU consumption and GUI and… |
| CVE-2013-1139 |
medium |
— |
4.0 |
|
|
cisco |
14y ago |
The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a cra… |
| CVE-2013-1129 |
medium |
— |
5.0 |
|
|
cisco |
14y ago |
Memory leak in Cisco Unity Connection 9.x allows remote attackers to cause a denial of service (memory consumption and process crash) by sending many TCP requests, aka Bug ID CSCud59736. |
| CVE-2013-1125 |
medium |
— |
6.8 |
|
|
cisco |
14y ago |
The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Con… |
| CVE-2013-1128 |
medium |
— |
6.8 |
|
|
cisco |
14y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities in the server in Cisco Unified MeetingPlace before 7.1(2.2000) allow remote attackers to hijack the authentication of unspecified victims vi… |
| CVE-2013-1123 |
medium |
— |
4.3 |
|
|
cisco |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the server in Cisco Unified MeetingPlace 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug I… |
| CVE-2013-1114 |
medium |
— |
5.3 |
EXP |
|
cisco |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527. |
| CVE-2013-1120 |
medium |
— |
7.8 |
EXP |
|
cisco |
14y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown v… |
| CVE-2013-1107 |
medium |
— |
4.0 |
|
|
cisco |
14y ago |
The search function in Cisco Webex Social (formerly Cisco Quad) allows remote authenticated users to read files via unspecified parameters, aka Bug ID CSCud40235. |
| CVE-2013-1113 |
medium |
— |
4.3 |
|
|
cisco |
14y ago |
Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via a crafted parameter value, aka Bug ID CSCue2… |
| CVE-2013-1112 |
medium |
— |
5.0 |
|
|
cisco |
14y ago |
Cisco Carrier Routing System (CRS) allows remote attackers to cause a denial of service (packet loss) via short malformed packets that trigger inefficient processing, aka Bug ID CSCud79136. |
| CVE-2013-1110 |
medium |
— |
4.0 |
|
|
cisco |
14y ago |
Cisco WebEx Training Center allows remote authenticated users to bypass intended privilege restrictions and (1) enable or (2) disable training-center recordings via a crafted URL, aka Bug ID CSCzu8106… |
| CVE-2013-1108 |
medium |
— |
4.0 |
|
|
cisco |
14y ago |
Cisco WebEx Training Center allows remote authenticated users to remove hands-on lab-session reservations via a crafted URL, aka Bug ID CSCzu81064. |
| CVE-2012-5429 |
medium |
— |
4.6 |
|
|
cisco |
14y ago |
The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted applicati… |
| CVE-2013-1109 |
medium |
— |
6.8 |
|
|
cisco |
14y ago |
Cross-site request forgery (CSRF) vulnerability in testingLibraryAction.do in the Training Center testing library in Cisco WebEx Training Center allows remote attackers to hijack the authentication o… |
| CVE-2012-6397 |
medium |
— |
4.3 |
|
|
cisco |
14y ago |
Cross-site scripting (XSS) vulnerability in Cisco WebEx Social (formerly Cisco Quad) allows remote attackers to inject arbitrary web script or HTML via a crafted RSS service link, aka Bug ID CSCub619… |
| CVE-2012-5444 |
medium |
— |
5.0 |
|
|
cisco |
14y ago |
Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, ak… |
| CVE-2012-5424 |
medium |
— |
5.0 |
|
|
cisco |
14y ago |
Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, whi… |
| CVE-2012-5416 |
high |
— |
7.8 |
|
|
cisco |
14y ago |
Buffer overflow in Cisco Unified MeetingPlace Web Conferencing before 7.1MR1 Patch 1, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 allows remote attackers to cause a denial of service (daemon han… |
| CVE-2012-3949 |
high |
— |
7.8 |
|
|
cisco |
14y ago |
The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2… |
| CVE-2012-3919 |
medium |
— |
5.0 |
|
|
cisco |
14y ago |
The Cisco Application Control Engine (ACE) module 3.0 for Cisco Catalyst switches and Cisco routers does not properly monitor Load Balancer (LB) queues, which allows remote attackers to cause a denia… |
| CVE-2012-3908 |
medium |
— |
6.8 |
|
|
cisco |
14y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances bef… |
| CVE-2012-3901 |
medium |
— |
5.0 |
|
|
cisco |
14y ago |
The updateTime function in sensorApp on Cisco IPS 4200 series sensors 7.0 and 7.1 allows remote attackers to cause a denial of service (process crash and traffic-inspection outage) via network traffi… |
| CVE-2012-3899 |
medium |
— |
5.0 |
|
|
cisco |
14y ago |
sensorApp on Cisco IPS 4200 series sensors 6.0, 6.2, and 7.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and process crash, and tr… |
| CVE-2012-3096 |
medium |
— |
4.0 |
|
|
cisco |
14y ago |
Cisco Unity Connection (UC) 7.1, 8.0, and 8.5 allows remote authenticated users to cause a denial of service (resource consumption and administration outage) via extended use of the product, aka Bug … |
| CVE-2012-3094 |
medium |
— |
5.0 |
|
linux-kernel |
cisco |
14y ago |
The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, w… |
| CVE-2012-3060 |
high |
— |
7.8 |
|
|
cisco |
14y ago |
Cisco Unity Connection (UC) 8.6, 9.0, and 9.5 allows remote attackers to cause a denial of service (CPU consumption) via malformed UDP packets, aka Bug ID CSCtz76269. |
| CVE-2012-3052 |
medium |
— |
6.9 |
|
|
cisco |
14y ago |
Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747. |
| CVE-2012-4629 |
high |
— |
7.8 |
|
|
cisco |
14y ago |
The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Adaptive Security Appliances (ASA) devices, and Prime Security Manager (aka PRSM) before 9.0.2-103, allows remote attackers to caus… |
| CVE-2012-3935 |
high |
— |
7.8 |
|
|
cisco |
14y ago |
Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Communications Platform (aka Jabber XCP) before 5.3 allow remote attackers to cause a denial of service (process crash) via a crafted … |
| CVE-2012-1348 |
medium |
— |
5.0 |
|
|
cisco |
14y ago |
Cisco Wide Area Application Services (WAAS) appliances with software 4.4, 5.0, and 5.1 include a one-way hash of a password within output text, which might allow remote attackers to obtain sensitive … |
| CVE-2012-1346 |
medium |
— |
5.0 |
|
|
cisco |
14y ago |
Cisco Emergency Responder 8.6 and 9.2 allows remote attackers to cause a denial of service (CPU consumption) by sending malformed UDP packets to the CERPT port, aka Bug ID CSCtx38369. |
| CVE-2012-2500 |
medium |
— |
4.0 |
|
|
cisco |
14y ago |
Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof … |
| CVE-2012-2499 |
medium |
— |
5.8 |
|
|
cisco |
14y ago |
The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoo… |
| CVE-2012-2498 |
medium |
— |
4.0 |
|
|
cisco |
14y ago |
Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoo… |
| CVE-2012-2490 |
medium |
— |
5.0 |
|
|
cisco |
14y ago |
Cisco IP Communicator 8.6 allows man-in-the-middle attackers to modify the Certificate Trust List via unspecified vectors, aka Bug ID CSCtz01471. |
| CVE-2012-1342 |
medium |
5.8 |
5.8 |
|
|
cisco |
14y ago |
Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote attackers to bypass ACL entries via fragmented packets, aka Bug ID CSCtj10975. |
| CVE-2012-1370 |
low |
— |
3.5 |
|
|
cisco |
14y ago |
Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows remote authenticated users to cause a denial of service (vpnagentd process crash) via a crafted packet, aka Bug ID CSCty01670. |
| CVE-2012-3074 |
high |
— |
8.3 |
|
|
cisco |
14y ago |
An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request … |
| CVE-2012-3073 |
high |
— |
7.8 |
|
|
cisco |
14y ago |
The IP implementation on Cisco TelePresence Multipoint Switch before 1.8.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server 1.8 and earlier allows remote attackers to… |
| CVE-2012-2486 |
high |
— |
8.3 |
|
|
cisco |
14y ago |
The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresence Multipoint Switch before 1.9.0, Cisco TelePresence Immersive Endpoint Devices before 1.9.1, Cisco TelePresence Manager before 1… |
| CVE-2012-3063 |
high |
— |
7.1 |
|
|
cisco |
14y ago |
Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows r… |
| CVE-2012-2496 |
medium |
— |
6.8 |
|
|
cisco |
14y ago |
A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict … |
| CVE-2012-2495 |
medium |
— |
4.3 |
|
|
cisco |
14y ago |
The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the… |
| CVE-2012-2494 |
medium |
— |
4.3 |
|
|
cisco |
14y ago |
The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to t… |
| CVE-2012-0376 |
medium |
— |
5.0 |
|
|
cisco |
14y ago |
The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after a… |
| CVE-2011-4237 |
medium |
— |
4.3 |
|
|
cisco |
14y ago |
CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary H… |
| CVE-2011-4232 |
medium |
— |
5.0 |
|
|
cisco |
14y ago |
The web server in Cisco Unified MeetingPlace 6.1 and 8.5 produces different responses for directory queries depending on whether the directory exists, which allows remote attackers to enumerate direc… |
| CVE-2011-4022 |
medium |
— |
5.0 |
|
|
cisco |
14y ago |
The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that… |
| CVE-2011-4019 |
medium |
— |
5.4 |
|
|
cisco |
14y ago |
Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted respo… |
| CVE-2012-0361 |
medium |
— |
5.0 |
|
|
cisco |
14y ago |
The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager (CUCM), which allows remote attackers to c… |
| CVE-2012-0337 |
medium |
— |
6.5 |
|
|
cisco |
14y ago |
SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939. |
| CVE-2012-0333 |
medium |
— |
5.0 |
|
|
cisco |
14y ago |
Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML doc… |
| CVE-2011-4014 |
medium |
— |
4.0 |
|
|
cisco |
14y ago |
The TAC Case Attachment tool in Cisco Wireless Control System (WCS) 7.0 allows remote authenticated users to read arbitrary files under webnms/Temp/ via unspecified vectors, aka Bug ID CSCtq86807. |
| CVE-2011-3283 |
medium |
— |
5.0 |
|
|
cisco |
14y ago |
Cisco Carrier Routing System 3.9.1 allows remote attackers to cause a denial of service (Metro subsystem crash) via a fragmented GRE packet, aka Bug ID CSCts14887. |
| CVE-2011-2583 |
medium |
— |
5.0 |
|
|
cisco |
14y ago |
Cisco Unified Contact Center Express (aka CCX) 8.0 and 8.5 allows remote attackers to cause a denial of service via network traffic, as demonstrated by an SEC-BE-STABLE test case, aka Bug ID CSCth338… |
| CVE-2012-0356 |
high |
— |
7.8 |
|
|
cisco |
14y ago |
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 through 7.2 before 7.2(5.7), 8.0 before 8.0(… |
| CVE-2012-0367 |
high |
— |
7.8 |
|
|
cisco |
15y ago |
Cisco Unity Connection before 7.1.5b(Su5), 8.0 and 8.5 before 8.5.1(Su3), and 8.6 before 8.6.2 allows remote attackers to cause a denial of service (services crash) via a series of crafted TCP segmen… |
| CVE-2012-0359 |
high |
— |
7.8 |
|
|
cisco |
15y ago |
The Cisco Cius with software before 9.2(1) SR2 allows remote attackers to cause a denial of service (device crash or hang) via malformed network traffic, aka Bug ID CSCto71445. |
| CVE-2012-0331 |
high |
— |
7.5 |
|
|
cisco |
15y ago |
Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP packet, as demonstrated by a SIP INVITE… |
| CVE-2012-0330 |
high |
— |
7.8 |
|
|
cisco |
15y ago |
Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a malformed SIP message, aka Bug ID CSCtr20426. |
| CVE-2011-4487 |
medium |
— |
6.8 |
|
|
cisco |
15y ago |
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edi… |
| CVE-2011-4486 |
high |
— |
7.8 |
|
|
cisco |
15y ago |
Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before … |
| CVE-2012-0364 |
high |
— |
7.8 |
|
|
cisco |
15y ago |
Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload reques… |
| CVE-2011-4500 |
high |
— |
7.5 |
|
|
cisco |
15y ago |
The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware 2.00.05, when UPnP is enabled, configures the SOAP server to listen on the WAN port, which allows remote attackers to administer… |
| CVE-2011-4499 |
high |
— |
7.5 |
|
|
cisco |
15y ago |
The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before … |
| CVE-2011-0941 |
high |
— |
7.8 |
|
|
cisco |
15y ago |
Memory leak in Cisco Unified Communications Manager (CUCM) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1), and Cisco IOS 12.4 and 15.1, allows remote attack… |
| CVE-2011-3318 |
high |
— |
7.8 |
|
|
cisco |
15y ago |
Cisco Video Surveillance 2421 and 2500 series cameras with software 1.1.x and 2.x before 2.4.0 and Video Surveillance 2600 series cameras with software before 4.2.0-13 allow remote attackers to cause… |
| CVE-2011-3315 |
high |
— |
8.8 |
EXP |
|
cisco |
15y ago |
Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (… |
| CVE-2011-2042 |
medium |
— |
5.0 |
|
|
cisco |
15y ago |
The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and dat… |
| CVE-2011-2585 |
medium |
— |
6.5 |
|
|
cisco |
15y ago |
Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows remote authenticated users to upload and execute arbitrary code by leveraging video upload privileges, aka Bug ID CSCto69857. |
| CVE-2011-2584 |
high |
— |
7.5 |
|
|
cisco |
15y ago |
Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows remote attackers to access the (1) Encoders and Pull Configurations, (2) Push Configurations, (3) Video Encoding Formats, and (4) … |
| CVE-2011-3294 |
medium |
— |
4.3 |
|
|
cisco |
15y ago |
Cross-site scripting (XSS) vulnerability in the login page in the administrative interface on Cisco TelePresence Video Communication Servers (VCS) with software before X7.0 allows remote attackers to… |
| CVE-2011-3305 |
high |
— |
8.8 |
EXP |
|
cisco |
15y ago |
Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755. |
| CVE-2011-3303 |
high |
— |
7.8 |
|
|
cisco |
15y ago |
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 b… |
| CVE-2011-3302 |
high |
— |
7.8 |
|
|
cisco |
15y ago |
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 b… |
| CVE-2011-3301 |
high |
— |
7.8 |
|
|
cisco |
15y ago |
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 b… |
| CVE-2011-3300 |
high |
— |
7.8 |
|
|
cisco |
15y ago |
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 b… |
| CVE-2011-3299 |
high |
— |
7.8 |
|
|
cisco |
15y ago |
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 b… |
| CVE-2011-3298 |
high |
— |
7.9 |
|
|
cisco |
15y ago |
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.3), 8.0 b… |
| CVE-2011-3297 |
high |
— |
7.8 |
|
|
cisco |
15y ago |
Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when certain authentication configurations are used, allows remote attacke… |
| CVE-2011-3296 |
high |
— |
7.8 |
|
|
cisco |
15y ago |
Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when IPv6 is used, allows remote attackers to cause a denial of service (m… |
| CVE-2011-3288 |
high |
7.5 |
7.5 |
|
|
cisco |
15y ago |
Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process cr… |
| CVE-2011-3287 |
high |
— |
7.8 |
|
|
cisco |
15y ago |
Cisco Jabber Extensible Communications Platform (aka Jabber XCP) 2.x through 5.4.x before 5.4.0.27581 and 5.8.x before 5.8.1.27561 does not properly detect recursion during entity expansion, which al… |
| CVE-2011-2072 |
high |
— |
7.8 |
|
|
cisco |
15y ago |
Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and 8.6 before 8.… |
| CVE-2011-2544 |
low |
— |
4.5 |
EXP |
|
cisco |
15y ago |
Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a c… |
| CVE-2011-2581 |
medium |
— |
5.0 |
|
|
cisco |
15y ago |
The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N2(1) on Nexus 5000 series switches, and NX-OS before 5.0(3)U1(2a) on Nexus 3000 series switches, does not properly handle comment… |
| CVE-2011-2577 |
high |
— |
8.8 |
EXP |
|
cisco |
15y ago |
Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to … |
| CVE-2011-2564 |
high |
— |
7.8 |
|
|
cisco |
15y ago |
Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8… |
| CVE-2011-2563 |
high |
— |
7.8 |
|
|
cisco |
15y ago |
Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8… |
| CVE-2011-2562 |
high |
— |
7.8 |
|
|
cisco |
15y ago |
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows rem… |
| CVE-2011-2561 |
high |
— |
7.1 |
|
|
cisco |
15y ago |
The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain sit… |
| CVE-2011-2560 |
high |
— |
7.8 |
|
|
cisco |
15y ago |
The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial … |
| CVE-2011-2546 |
medium |
— |
5.0 |
|
|
cisco |
15y ago |
SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via … |
| CVE-2011-2678 |
medium |
— |
6.8 |
|
|
cisco |
15y ago |
The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing t… |
| CVE-2011-2041 |
high |
— |
7.2 |
|
|
cisco |
15y ago |
The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain pri… |
| CVE-2011-2039 |
high |
— |
8.6 |
EXP |
|
cisco |
15y ago |
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.… |
| CVE-2011-1649 |
high |
— |
7.8 |
|
|
cisco |
15y ago |
The Internet Streamer application in Cisco Content Delivery System (CDS) with software 2.5.7, 2.5.8, and 2.5.9 before build 126 allows remote attackers to cause a denial of service (Web Engine crash)… |
| CVE-2011-1647 |
medium |
— |
5.0 |
|
|
cisco |
15y ago |
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2… |