Vulnerabilities (CVE)

Filtered by vendor Cisco Subscribe
Filtered by product Ios
Total 603 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-1999-0161 1 Cisco 1 Ios 2025-04-03 7.5 HIGH N/A
In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering.
CVE-2004-0112 24 4d, Apple, Avaya and 21 more 65 Webstar, Mac Os X, Mac Os X Server and 62 more 2025-04-03 5.0 MEDIUM N/A
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
CVE-2002-2315 1 Cisco 1 Ios 2025-04-03 7.8 HIGH N/A
Cisco IOS 11.2.x and 12.0.x does not limit the size of its redirect table, which allows remote attackers to cause a denial of service (memory consumption) via spoofed ICMP redirect packets to the router.
CVE-2004-0589 1 Cisco 1 Ios 2025-04-03 4.3 MEDIUM N/A
Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when configured for BGP routing, allows remote attackers to cause a denial of service (device reload) via malformed BGP (1) OPEN or (2) UPDATE messages.
CVE-2005-0195 1 Cisco 1 Ios 2025-04-03 5.0 MEDIUM N/A
Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a denial of service (device restart) via a crafted IPv6 packet.
CVE-2002-0813 1 Cisco 1 Ios 2025-04-03 7.1 HIGH N/A
Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename.
CVE-2005-0186 1 Cisco 1 Ios 2025-04-03 5.0 MEDIUM N/A
Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed packet to the SCCP port.
CVE-2006-4775 1 Cisco 2 Catos, Ios 2025-04-03 7.8 HIGH N/A
The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and CatOS allows remote attackers to cause a denial of service by sending a VTP update with a revision value of 0x7FFFFFFF, which is incremented to 0x80000000 and is interpreted as a negative number in a signed context.
CVE-2002-2053 1 Cisco 1 Ios 2025-04-03 5.0 MEDIUM N/A
The design of the Hot Standby Routing Protocol (HSRP), as implemented on Cisco IOS 12.1, when using IRPAS, allows remote attackers to cause a denial of service (CPU consumption) via a router with the same IP address as the interface on which HSRP is running, which causes a loop.
CVE-1999-0162 1 Cisco 1 Ios 2025-04-03 5.0 MEDIUM N/A
The "established" keyword in some Cisco IOS software allowed an attacker to bypass filtering.
CVE-2002-2052 1 Cisco 1 Ios 2025-04-03 5.0 MEDIUM N/A
Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, allows remote attackers to cause a denial of service via port scans such as (1) scanning all ports on a single host and (2) scanning a network of hosts for a single open port through the router. NOTE: the vendor could not reproduce this issue, saying that the original reporter was using an interim release of the software.
CVE-2004-0079 23 4d, Apple, Avaya and 20 more 66 Webstar, Mac Os X, Mac Os X Server and 63 more 2025-04-03 5.0 MEDIUM 7.5 HIGH
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
CVE-2005-4258 1 Cisco 71 Catalyst, Catalyst 1200 Series, Catalyst 1900 Series and 68 more 2025-04-03 7.8 HIGH N/A
Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID.
CVE-2000-0268 1 Cisco 12 3660 Router, 7100 Router, 7200 Router and 9 more 2025-04-03 5.0 MEDIUM N/A
Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of service by sending the ENVIRON option to the Telnet daemon before it is ready to accept it, which causes the system to reboot.
CVE-2002-0339 1 Cisco 1 Ios 2025-04-03 5.0 MEDIUM N/A
Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enabled includes portions of previous packets in the padding of a MAC level packet when the MAC packet's length is less than the IP level packet length.
CVE-1999-1129 1 Cisco 2 Catalyst 2900 Vlan, Ios 2025-04-03 7.5 HIGH N/A
Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers to inject 802.1q frames into another VLAN by forging the VLAN identifier in the trunking tag.
CVE-2002-1359 7 Cisco, Fissh, Intersoft and 4 more 7 Ios, Ssh Client, Securenetterm and 4 more 2025-04-03 10.0 HIGH N/A
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.
CVE-2002-1357 7 Cisco, Fissh, Intersoft and 4 more 7 Ios, Ssh Client, Securenetterm and 4 more 2025-04-03 10.0 HIGH N/A
Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
CVE-2005-2841 1 Cisco 1 Ios 2025-04-03 7.5 HIGH N/A
Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted user authentication credentials.
CVE-2000-0380 1 Cisco 1 Ios 2025-04-03 7.1 HIGH N/A
The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string.