Filtered by vendor Cisco
Subscribe
Total
2155 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1437 | 1 Cisco | 1 Prime Collaboration Deployment | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy92549. | |||||
| CVE-2016-1319 | 1 Cisco | 4 Unified Communications Manager, Unified Communications Manager Im And Presence Service, Unified Contact Center Express and 1 more | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958. | |||||
| CVE-2016-6438 | 1 Cisco | 1 Ios Xe | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line configuration on an affected device. This vulnerability affects the following releases of Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers: All 3.16S releases, All 3.17S releases, Release 3.18.0S, Release 3.18.1S, Release 3.18.0SP. More Information: CSCuz62815. Known Affected Releases: 15.5(3)S2.9, 15.6(2)SP. Known Fixed Releases: 15.6(1.7)SP1, 16.4(0.183), 16.5(0.1). | |||||
| CVE-2016-1398 | 1 Cisco | 6 Rv110w, Rv110w Firmware, Rv130w and 3 more | 2025-04-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware through 1.2.1.4, RV130W devices with firmware through 1.0.2.7, and RV215W devices with firmware through 1.3.0.7 allows remote authenticated users to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCux86669. | |||||
| CVE-2016-1316 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362. | |||||
| CVE-2016-1471 | 1 Cisco | 1 Small Business 220 Series Smart Plus Switches | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz76232. | |||||
| CVE-2016-1431 | 1 Cisco | 1 Secure Firewall Management Center | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur25516. | |||||
| CVE-2016-1288 | 1 Cisco | 1 Web Security Appliance | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x before 9.0.0-485 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (service outage) by leveraging certain intranet connectivity and sending a malformed HTTPS request, aka Bug ID CSCuu24840. | |||||
| CVE-2016-6395 | 1 Cisco | 1 Firesight System Software | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658. | |||||
| CVE-2016-6412 | 1 Cisco | 1 Ios | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows man-in-the-middle attackers to trigger arbitrary downloads via crafted HTTP headers, aka Bug ID CSCuz84773. | |||||
| CVE-2016-9224 | 1 Cisco | 1 Jabber Guest | 2025-04-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts. More Information: CSCvc31635. Known Affected Releases: 10.6(9). Known Fixed Releases: 11.0(0). | |||||
| CVE-2016-6473 | 1 Cisco | 1 Ios | 2025-04-12 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm. More Information: CSCuu69332, CSCux07028. Known Affected Releases: 15.2(3)E. Known Fixed Releases: 12.2(50)SE4 12.2(50)SE5 12.2(50)SQ5 12.2(50)SQ6 12.2(50)SQ7 12.2(52)EY4 12.2(52)SE1 12.2(53)EX 12.2(53)SE 12.2(53)SE1 12.2(53)SE2 12.2(53)SG10 12.2(53)SG11 12.2(53)SG2 12.2(53)SG9 12.2(54)SG1 12.2(55)EX3 12.2(55)SE 12.2(55)SE1 12.2(55)SE10 12.2(55)SE2 12.2(55)SE3 12.2(55)SE4 12.2(55)SE5 12.2(55)SE6 12.2(55)SE7 12.2(55)SE8 12.2(55)SE9 12.2(58)EZ 12.2(58)SE1 12.2(58)SE2 12.2(60)EZ 12.2(60)EZ1 12.2(60)EZ2 12.2(60)EZ3 12.2(60)EZ4 12.2(60)EZ5 12.2(60)EZ6 12.2(60)EZ7 12.2(60)EZ8 15.0(1)EY2 15.0(1)SE 15.0(1)SE2 15.0(1)SE3 15.0(2)EA 15.0(2)EB 15.0(2)EC 15.0(2)ED 15.0(2)EH 15.0(2)EJ 15.0(2)EJ1 15.0(2)EK1 15.0(2)EX 15.0(2)EX1 15.0(2)EX3 15.0(2)EX4 15.0(2)EX5 15.0(2)EY 15.0(2)EY1 15.0(2)EY2 15.0(2)EZ 15.0(2)SE 15.0(2)SE1 15.0(2)SE2 15.0(2)SE3 15.0(2)SE4 15.0(2)SE5 15.0(2)SE6 15.0(2)SE7 15.0(2)SE9 15.0(2)SG10 15.0(2)SG3 15.0(2)SG6 15.0(2)SG7 15.0(2)SG8 15.0(2)SG9 15.0(2a)EX5 15.1(2)SG 15.1(2)SG1 15.1(2)SG2 15.1(2)SG3 15.1(2)SG4 15.1(2)SG5 15.1(2)SG6 15.2(1)E 15.2(1)E1 15.2(1)E2 15.2(1)E3 15.2(1)EY 15.2(2)E 15.2(2)E3 15.2(2b)E. | |||||
| CVE-2016-6472 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) attack against a user of the web interface on the affected system. More Information: CSCvb37121. Known Affected Releases: 11.5(1.2). Known Fixed Releases: 11.5(1.11950.96) 11.5(1.12900.2) 12.0(0.98000.133) 12.0(0.98000.313) 12.0(0.98000.404). | |||||
| CVE-2016-1452 | 1 Cisco | 2 Asr 5000, Asr 5000 Software | 2025-04-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526. | |||||
| CVE-2016-1451 | 1 Cisco | 1 Meeting Server | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Server (formerly Acano Conferencing Server) 1.7 through 1.9 allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva19922. | |||||
| CVE-2016-9204 | 1 Cisco | 2 Nexus 1000v, Nexus 1000v Intercloud Firmware | 2025-04-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account. Affected Products: Cisco Nexus 1000V InterCloud is affected. More Information: CSCus99379. Known Affected Releases: 2.2(1). | |||||
| CVE-2016-6463 | 1 Cisco | 1 Email Security Appliance Firmware | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCuz85823. Known Affected Releases: 10.0.0-082 9.7.0-125 9.7.1-066. Known Fixed Releases: 10.0.0-203 9.7.2-131. | |||||
| CVE-2014-2120 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025. | |||||
| CVE-2016-1342 | 1 Cisco | 1 Secure Firewall Management Center | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID CSCuy36654. | |||||
| CVE-2016-6405 | 1 Cisco | 1 Fog Director | 2025-04-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to bypass intended access restrictions and write to arbitrary files via the Cartridge interface, aka Bug ID CSCuz89368. | |||||