| CVE-2026-20182 |
critical |
10.0 |
10.0 |
KEV EXP |
|
cisco |
20d ago |
Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges… |
| CVE-2017-12372 |
critical |
9.6 |
9.6 |
|
|
cisco |
9y ago |
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.… |
| CVE-2017-12371 |
critical |
9.6 |
9.6 |
|
|
cisco |
9y ago |
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.… |
| CVE-2017-12370 |
critical |
9.6 |
9.6 |
|
|
cisco |
9y ago |
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.… |
| CVE-2017-12369 |
critical |
9.6 |
9.6 |
|
|
cisco |
9y ago |
A "Cisco WebEx Network Recording Player Out-of-Bounds Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remot… |
| CVE-2017-12368 |
critical |
9.6 |
9.6 |
|
|
cisco |
9y ago |
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.… |
| CVE-2017-12367 |
critical |
9.6 |
9.6 |
|
|
cisco |
9y ago |
A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A r… |
| CVE-2017-12337 |
critical |
9.8 |
9.8 |
|
|
cisco |
9y ago |
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthoriz… |
| CVE-2017-12251 |
critical |
9.9 |
9.9 |
|
|
cisco |
9y ago |
A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines (VMs) op… |
| CVE-2017-12249 |
critical |
9.1 |
9.1 |
|
|
cisco |
9y ago |
A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to… |
| CVE-2017-6747 |
critical |
9.8 |
9.8 |
|
|
cisco |
9y ago |
A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improp… |
| CVE-2017-6714 |
critical |
9.8 |
9.8 |
|
|
cisco |
9y ago |
A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The … |
| CVE-2017-6713 |
critical |
9.8 |
9.8 |
|
|
cisco |
9y ago |
A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due t… |
| CVE-2017-6711 |
critical |
9.1 |
9.1 |
|
|
cisco |
9y ago |
A vulnerability in the Ultra Automation Service (UAS) of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device. The vulne… |
| CVE-2017-6709 |
critical |
9.8 |
9.8 |
|
|
cisco |
9y ago |
A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (… |
| CVE-2017-6708 |
critical |
9.8 |
9.8 |
|
|
cisco |
9y ago |
A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive file… |
| CVE-2017-6667 |
critical |
9.8 |
9.8 |
|
|
cisco |
9y ago |
A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on… |
| CVE-2017-6640 |
critical |
9.8 |
9.8 |
|
|
cisco |
9y ago |
A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account… |
| CVE-2017-6639 |
critical |
9.8 |
9.8 |
|
|
cisco |
9y ago |
A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information… |
| CVE-2017-6622 |
critical |
9.8 |
10.0 |
EXP |
|
cisco |
9y ago |
A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privil… |
| CVE-2017-3882 |
critical |
9.6 |
9.6 |
|
|
cisco |
9y ago |
A vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, Layer 2-adjacent attacker to execute arbitrary code or … |
| CVE-2017-3853 |
critical |
9.8 |
9.8 |
|
|
cisco |
9y ago |
A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow rem… |
| CVE-2017-3792 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or … |
| CVE-2017-3791 |
critical |
10.0 |
10.0 |
|
|
cisco |
10y ago |
A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability … |
| CVE-2016-9223 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privi… |
| CVE-2016-6452 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full admini… |
| CVE-2016-6448 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerab… |
| CVE-2016-6447 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following produ… |
| CVE-2016-6397 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote att… |
| CVE-2016-6445 |
critical |
9.1 |
9.1 |
|
|
cisco |
10y ago |
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an un… |
| CVE-2016-6374 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code via a crafted dnslookup command in an HTTP request, aka Bug ID CSCuz89093. |
| CVE-2016-6394 |
critical |
9.1 |
9.1 |
|
|
cisco |
10y ago |
Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug … |
| CVE-2016-1473 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
Cisco Small Business 220 devices with firmware before 1.0.1.1 have a hardcoded SNMP community, which allows remote attackers to read or modify SNMP objects by leveraging knowledge of this community, … |
| CVE-2016-1416 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bu… |
| CVE-2016-1289 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information … |
| CVE-2016-1388 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2… |
| CVE-2016-1387 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles aut… |
| CVE-2016-1343 |
critical |
10.0 |
10.0 |
|
|
cisco |
10y ago |
The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in co… |
| CVE-2016-1352 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856. |
| CVE-2016-1313 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to… |
| CVE-2016-1291 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POS… |
| CVE-2015-6435 |
critical |
9.8 |
9.8 |
|
|
cisco |
11y ago |
An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows r… |
| CVE-2015-6323 |
critical |
9.8 |
9.8 |
|
|
cisco |
11y ago |
The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrativ… |
| CVE-2015-6314 |
critical |
9.8 |
9.8 |
|
|
cisco |
11y ago |
Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bu… |
| CVE-2015-6389 |
critical |
— |
9.0 |
|
|
cisco |
11y ago |
Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account'… |
| CVE-2015-6298 |
critical |
— |
9.0 |
|
|
cisco |
11y ago |
The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) device… |
| CVE-2015-6335 |
critical |
— |
9.0 |
|
|
cisco |
11y ago |
The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Lin… |
| CVE-2015-4307 |
critical |
— |
9.0 |
|
|
cisco |
11y ago |
The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, … |
| CVE-2015-4304 |
critical |
— |
9.0 |
|
|
cisco |
11y ago |
The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended access restrictions, and create administrative accounts or read dat… |
| CVE-2015-6259 |
critical |
— |
9.4 |
|
|
cisco |
11y ago |
The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 all… |
| CVE-2015-4262 |
critical |
— |
10.0 |
|
|
cisco |
11y ago |
The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows… |
| CVE-2015-0713 |
critical |
— |
9.0 |
|
|
cisco |
11y ago |
The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.… |
| CVE-2015-0701 |
critical |
— |
10.0 |
|
|
cisco |
11y ago |
Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961. |
| CVE-2015-0702 |
critical |
— |
9.0 |
|
|
cisco |
11y ago |
Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the lang… |
| CVE-2015-0691 |
critical |
— |
9.3 |
|
|
cisco |
11y ago |
A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001. |
| CVE-2015-0653 |
critical |
— |
10.0 |
|
|
cisco |
11y ago |
The management interface in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X7.2.4, X8 before X8.1.2, and X8.2 before X8.2.2 and Cisco TelePresence Conductor before X2… |
| CVE-2015-0589 |
critical |
— |
9.0 |
|
|
cisco |
12y ago |
The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug… |
| CVE-2014-3389 |
critical |
— |
9.0 |
|
|
cisco |
12y ago |
The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), … |
| CVE-2014-3333 |
critical |
— |
9.0 |
|
|
cisco |
12y ago |
The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files … |
| CVE-2014-2198 |
critical |
— |
10.0 |
|
|
cisco |
12y ago |
Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the sup… |
| CVE-2014-2197 |
critical |
— |
9.0 |
|
|
cisco |
12y ago |
The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which all… |
| CVE-2014-2196 |
critical |
— |
9.3 |
|
|
cisco |
12y ago |
Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response,… |
| CVE-2014-2136 |
critical |
— |
9.3 |
|
|
cisco |
12y ago |
Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of… |
| CVE-2014-2135 |
critical |
— |
9.3 |
|
|
cisco |
12y ago |
Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of… |
| CVE-2014-2134 |
critical |
— |
9.3 |
|
|
cisco |
12y ago |
Heap-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a d… |
| CVE-2014-2133 |
critical |
— |
9.3 |
|
|
cisco |
12y ago |
Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of… |
| CVE-2014-2171 |
critical |
— |
10.0 |
|
|
cisco |
12y ago |
Heap-based buffer overflow in Cisco TelePresence TC Software 4.x through 6.x before 6.0.1 and TE Software 4.x and 6.0.x before 6.0.2 allows remote attackers to execute arbitrary code via crafted SIP … |
| CVE-2014-2170 |
critical |
— |
9.0 |
|
|
cisco |
12y ago |
Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as argume… |
| CVE-2014-2169 |
critical |
— |
9.0 |
|
|
cisco |
12y ago |
Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to internal s… |
| CVE-2014-0679 |
critical |
— |
9.0 |
|
|
cisco |
12y ago |
Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before 1.4.0.45-2, and 2.0 before 2.0.0.0.294-2 allows remote authenticated users to execute arbitrary commands with root privileges via … |
| CVE-2014-0709 |
critical |
— |
9.3 |
|
|
cisco |
12y ago |
Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to th… |
| CVE-2014-0650 |
critical |
— |
10.0 |
|
|
cisco |
13y ago |
The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID… |
| CVE-2014-0649 |
critical |
— |
9.0 |
|
|
cisco |
13y ago |
The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access … |
| CVE-2014-0648 |
critical |
— |
10.0 |
|
|
cisco |
13y ago |
The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administr… |
| CVE-2013-5558 |
critical |
— |
10.0 |
|
|
cisco |
13y ago |
The WIL-A module in Cisco TelePresence VX Clinical Assistant 1.2 before 1.21 changes the admin password to an empty password upon a reboot, which makes it easier for remote attackers to obtain access… |
| CVE-2013-5530 |
critical |
— |
9.0 |
|
|
cisco |
13y ago |
The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, an… |
| CVE-2013-5486 |
critical |
— |
10.0 |
EXP |
|
cisco |
13y ago |
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the c… |
| CVE-2013-1119 |
critical |
— |
9.3 |
|
|
cisco |
13y ago |
Buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a … |
| CVE-2013-1118 |
critical |
— |
9.3 |
|
|
cisco |
13y ago |
Stack-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code… |
| CVE-2013-1117 |
critical |
— |
9.3 |
|
|
cisco |
13y ago |
Buffer overflow in the exception handler in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute a… |
| CVE-2013-1116 |
critical |
— |
9.3 |
|
|
cisco |
13y ago |
Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or… |
| CVE-2013-1115 |
critical |
— |
9.3 |
|
|
cisco |
13y ago |
Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or… |
| CVE-2013-3466 |
critical |
— |
9.3 |
|
|
cisco |
13y ago |
The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which al… |
| CVE-2013-3454 |
critical |
— |
10.0 |
|
|
cisco |
13y ago |
Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which ma… |
| CVE-2013-3444 |
critical |
— |
9.0 |
|
|
cisco |
13y ago |
The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before… |
| CVE-2013-3443 |
critical |
— |
10.0 |
|
|
cisco |
13y ago |
The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbi… |
| CVE-2013-3430 |
critical |
— |
10.0 |
EXP |
|
cisco |
13y ago |
Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Br… |
| CVE-2013-1221 |
critical |
— |
10.0 |
|
|
cisco |
13y ago |
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbi… |
| CVE-2013-1192 |
critical |
— |
9.3 |
|
|
cisco |
13y ago |
The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows c… |
| CVE-2013-1169 |
critical |
— |
9.3 |
|
|
cisco |
13y ago |
Cisco Unified MeetingPlace Web Conferencing Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 2, and 8.5 before 8.5MR3 Patch 1, when the Remember Me option is used, does not properly verify c… |
| CVE-2012-6392 |
critical |
— |
10.0 |
|
linux-kernel |
cisco |
14y ago |
Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arb… |
| CVE-2012-5417 |
critical |
— |
10.0 |
|
|
cisco |
14y ago |
Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands… |
| CVE-2012-3941 |
critical |
— |
9.3 |
|
|
cisco |
14y ago |
Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka … |
| CVE-2012-3940 |
critical |
— |
9.3 |
|
|
cisco |
14y ago |
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCt… |
| CVE-2012-3939 |
critical |
— |
9.3 |
|
|
cisco |
14y ago |
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory co… |
| CVE-2012-3938 |
critical |
— |
9.3 |
|
|
cisco |
14y ago |
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCt… |
| CVE-2012-3937 |
critical |
— |
9.3 |
|
|
cisco |
14y ago |
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCt… |
| CVE-2012-3936 |
critical |
— |
9.3 |
|
|
cisco |
14y ago |
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCu… |
| CVE-2012-4655 |
critical |
— |
9.3 |
|
|
cisco |
14y ago |
The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code … |
| CVE-2012-3088 |
critical |
— |
9.3 |
|
|
cisco |
14y ago |
Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspec… |