Cisco ASA CX Context-Aware Security Software allows remote attackers to cause a denial of service (device reload) via crafted TCP packets that appear to have been forwarded by a Cisco Adaptive Securi…
Open redirect vulnerability in the help page in Cisco Video Surveillance Operations Manager allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted…
Cross-site scripting (XSS) vulnerability in the portal page in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via a crafted URL, …
Cisco Hosted Collaboration Mediation allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed UDP packets on port 162, aka Bug ID CSCug85756.
The Event Center module in Cisco WebEx Meetings Server does not perform request authentication in all intended circumstances, which allows remote attackers to discover host keys and event passwords v…
Cross-site scripting (XSS) vulnerability in the wireless configuration module in Cisco Prime Infrastructure allows remote attackers to inject arbitrary web script or HTML via an SSID that is not prop…
Cisco TelePresence System Software does not properly handle inactive t-shell sessions, which allows remote authenticated users to cause a denial of service (memory consumption and service outage) by …
Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middl…
The user-management page in Cisco WebEx Social relies on client-side validation of values in the Screen Name, First Name, Middle Name, Last Name, Email Address, and Job Title fields, which allows rem…
Session fixation vulnerability in Cisco Secure Access Control System (ACS) allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787.
Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series…
Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID CSCug380…
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbi…
The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue2…
The HTTP implementation in Cisco WebEx Node for MCS, WebEx Meetings Server, and WebEx Node for ASR 1000 Series allows remote attackers to read the contents of uninitialized memory locations via a cra…
The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings Server allows remote attackers to read cache files via a crafted request, aka Bug IDs CSCue36664 and CSCue36629.
Cisco Unified Communications Domain Manager allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed UDP packets, aka Bug ID CSCug47057.
TMSSNMPService.exe in TelePresence Manager in Cisco TelePresence Management Suite (TMS) on 64-bit platforms allows remote attackers to cause a denial of service (process crash) via SNMP traps, aka Bu…
Cross-site scripting (XSS) vulnerability in the OpenView web menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspe…
Cross-site scripting (XSS) vulnerability in the Netcool Impact (NCI) web menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML …
Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring (ITM) help menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script …
Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring (ITM) Java servlet container in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary…
Directory traversal vulnerability in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCud51034.
The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System,…
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, ak…
Cross-site scripting (XSS) vulnerability in a Flash component in Cisco Unified Computing System (UCS) Central allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a…
The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows c…
The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visit…
Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a d…
The XML parser in the server in Cisco Unified Presence (CUP) allows remote authenticated users to cause a denial of service (jabberd daemon crash) via crafted XML content in an XMPP message, aka Bug …
The Connection Manager in Cisco Jabber Extensible Communications Platform (aka Jabber XCP) does not properly validate login data, which allows remote attackers to cause a denial of service (service c…
Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) allows local users to gain privileges via unspecified vec…
The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local users to gain privileges via unspecified vectors, …
Cisco Unified MeetingPlace Web Conferencing Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 2, and 8.5 before 8.5MR3 Patch 1, when the Remember Me option is used, does not properly verify c…
Cisco Tivoli Business Service Manager (TBSM) in Hosted Collaboration Mediation (HCM) in Cisco Hosted Collaboration Solution allows remote attackers to cause a denial of service (temporary service han…
Multiple cross-site scripting (XSS) vulnerabilities in the element-list implementation in Cisco Connected Grid Network Management System (CG-NMS) allow remote attackers to inject arbitrary web script…
The XML parser in the Cisco Jabber IM application for Android allows remote authenticated users to cause a denial of service (blocked connection) by leveraging an entry on a Buddy list and sending a …
The Cisco Small Business 200 Series Smart Switch 1.2.7.76 and earlier, Small Business 300 Series Managed Switch 1.2.7.76 and earlier, and Small Business 500 Series Stackable Managed Switch 1.2.7.76 a…
Cross-site request forgery (CSRF) vulnerability in the web interface in Cisco Prime Infrastructure allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCue84676.
The HTTP Profiler on the Cisco Aironet Access Point with software 15.2 and earlier does not properly manage buffers, which allows remote attackers to cause a denial of service (device reload) via cra…
The Cisco Network Admission Control (NAC) agent on Mac OS X does not verify the X.509 certificate of an Identity Services Engine (ISE) server during an SSL session, which allows man-in-the-middle att…
The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a cra…
Memory leak in Cisco Unity Connection 9.x allows remote attackers to cause a denial of service (memory consumption and process crash) by sending many TCP requests, aka Bug ID CSCud59736.
The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Con…
Multiple cross-site request forgery (CSRF) vulnerabilities in the server in Cisco Unified MeetingPlace before 7.1(2.2000) allow remote attackers to hijack the authentication of unspecified victims vi…
Multiple cross-site scripting (XSS) vulnerabilities in the server in Cisco Unified MeetingPlace 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug I…
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527.
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown v…
The search function in Cisco Webex Social (formerly Cisco Quad) allows remote authenticated users to read files via unspecified parameters, aka Bug ID CSCud40235.
Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via a crafted parameter value, aka Bug ID CSCue2…
Cisco Carrier Routing System (CRS) allows remote attackers to cause a denial of service (packet loss) via short malformed packets that trigger inefficient processing, aka Bug ID CSCud79136.
Cisco WebEx Training Center allow remote authenticated users to bypass intended privilege restrictions and (1) enable or (2) disable training-center recordings via a crafted URL, aka Bug ID CSCzu8106…
The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted applicati…
Cross-site request forgery (CSRF) vulnerability in testingLibraryAction.do in the Training Center testing library in Cisco WebEx Training Center allows remote attackers to hijack the authentication o…
Cross-site scripting (XSS) vulnerability in Cisco WebEx Social (formerly Cisco Quad) allows remote attackers to inject arbitrary web script or HTML via a crafted RSS service link, aka Bug ID CSCub619…
Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arb…
Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, ak…
Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, whi…
Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands…
Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka …
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCt…
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory co…
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCt…
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCt…
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCu…
The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code …
The Cisco Application Control Engine (ACE) module 3.0 for Cisco Catalyst switches and Cisco routers does not properly monitor Load Balancer (LB) queues, which allows remote attackers to cause a denia…
Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances bef…
The updateTime function in sensorApp on Cisco IPS 4200 series sensors 7.0 and 7.1 allows remote attackers to cause a denial of service (process crash and traffic-inspection outage) via network traffi…
sensorApp on Cisco IPS 4200 series sensors 6.0, 6.2, and 7.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and process crash, and tr…
Cisco Unity Connection (UC) 7.1, 8.0, and 8.5 allows remote authenticated users to cause a denial of service (resource consumption and administration outage) via extended use of the product, aka Bug …
The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, w…
Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspec…
Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747.
Cisco Wide Area Application Services (WAAS) appliances with software 4.4, 5.0, and 5.1 include a one-way hash of a password within output text, which might allow remote attackers to obtain sensitive …
Cisco Emergency Responder 8.6 and 9.2 allows remote attackers to cause a denial of service (CPU consumption) by sending malformed UDP packets to the CERPT port, aka Bug ID CSCtx38369.
Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof …
The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoo…
Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoo…
Stack-based buffer overflow in the SetSource method in the Cisco Linksys PlayerPT ActiveX control 1.0.0.15 in PlayerPT.ocx on the Cisco WVC200 Wireless-G PTZ Internet video camera allows remote attac…
The administrative web interface on Cisco TelePresence Recording Server before 1.8.0 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Bug ID CSCth85804.
The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443,…
Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1…
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows rem…
Stack-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP…
Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1…
Buffer overflow in the Cisco WebEx Advanced Recording Format (ARF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 a…
A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict …
The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the…
The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to t…
The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linu…
The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after a…
CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary H…
The web server in Cisco Unified MeetingPlace 6.1 and 8.5 produces different responses for directory queries depending on whether the directory exists, which allows remote attackers to enumerate direc…
The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that…
Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted respo…
The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager (CUCM), which allows remote attackers to c…
