Filtered by vendor Cisco
Subscribe
Total
6186 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0029 | 1 Cisco | 5 Application Velocity System, Application Velocity System 3110, Application Velocity System 3120 and 2 more | 2024-11-21 | 10.0 HIGH | N/A |
| Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges. | |||||
| CVE-2008-0028 | 1 Cisco | 4 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software, Pix 500 and 1 more | 2024-11-21 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet. | |||||
| CVE-2008-0027 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2024-11-21 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request. | |||||
| CVE-2008-0026 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2024-11-21 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages. | |||||
| CVE-2007-6190 | 1 Cisco | 1 Unified Ip Phone | 2024-11-21 | 3.5 LOW | N/A |
| The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream. | |||||
| CVE-2007-5651 | 1 Cisco | 2 Catos, Ios | 2024-11-21 | 7.1 HIGH | N/A |
| Unspecified vulnerability in the Extensible Authentication Protocol (EAP) implementation in Cisco IOS 12.3 and 12.4 on Cisco Access Points and 1310 Wireless Bridges (Wireless EAP devices), IOS 12.1 and 12.2 on Cisco switches (Wired EAP devices), and CatOS 6.x through 8.x on Cisco switches allows remote attackers to cause a denial of service (device reload) via a crafted EAP Response Identity packet. | |||||
| CVE-2007-5584 | 1 Cisco | 3 7600 Router, Catalyst 6500, Firewall Services Module | 2024-11-21 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.2(3) allows remote attackers to cause a denial of service (device reload) via crafted "data in the control-plane path with Layer 7 Application Inspections." | |||||
| CVE-2007-5583 | 1 Cisco | 1 Ip Phone 7940 | 2024-11-21 | 7.8 HIGH | N/A |
| Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service ("486 Busy" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459. | |||||
| CVE-2007-5582 | 1 Cisco | 1 Ciscoworks Server | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-5581 | 1 Cisco | 1 Unified Meetingplace | 2024-11-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters. | |||||
| CVE-2007-5580 | 1 Cisco | 1 Security Agent | 2024-11-21 | 10.0 HIGH | N/A |
| Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 4.5.1.672, 5.0 before 5.0.0.225, 5.1 before 5.1.0.106, and 5.2 before 5.2.0.238 on Windows allows remote attackers to execute arbitrary code via a crafted SMB packet in a TCP session on port (1) 139 or (2) 445. | |||||
| CVE-2007-5571 | 1 Cisco | 1 Firewall Services Module | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cisco Firewall Services Module (FWSM) 3.1(6), and 3.2(2) and earlier, does not properly enforce edited ACLs, which might allow remote attackers to bypass intended restrictions on network traffic, aka CSCsj52536. | |||||
| CVE-2007-5570 | 1 Cisco | 1 Firewall Services Module | 2024-11-21 | 7.8 HIGH | N/A |
| Cisco Firewall Services Module (FWSM) 3.2(1), and 3.1(5) and earlier, allows remote attackers to cause a denial of service (device reload) via a crafted HTTPS request, aka CSCsi77844. | |||||
| CVE-2007-5569 | 1 Cisco | 3 Adaptive Security Appliance, Adaptive Security Appliance Software, Pix 500 | 2024-11-21 | 7.1 HIGH | N/A |
| Cisco PIX and ASA appliances with 7.1 and 7.2 software, when configured for TLS sessions to the device, allow remote attackers to cause a denial of service (device reload) via a crafted TLS packet, aka CSCsg43276 and CSCsh97120. | |||||
| CVE-2007-5568 | 1 Cisco | 2 Adaptive Security Appliance Software, Firewall Services Module | 2024-11-21 | 7.1 HIGH | N/A |
| Cisco PIX and ASA appliances with 7.0 through 8.0 software, and Cisco Firewall Services Module (FWSM) 3.1(5) and earlier, allow remote attackers to cause a denial of service (device reload) via a crafted MGCP packet, aka CSCsi90468 (appliance) and CSCsi00694 (FWSM). | |||||
| CVE-2007-5552 | 1 Cisco | 1 Ios | 2024-11-21 | 9.3 HIGH | N/A |
| Integer overflow in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2007-5551 | 1 Cisco | 1 Ios | 2024-11-21 | 7.1 HIGH | N/A |
| Off-by-one error in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2007-5550 | 1 Cisco | 1 Ios | 2024-11-21 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Cisco IOS allows remote attackers to obtain the IOS version via unspecified vectors involving a "common network service", aka PSIRT-1255024833. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2007-5549 | 1 Cisco | 1 Ios | 2024-11-21 | 2.1 LOW | N/A |
| Unspecified vulnerability in Command EXEC in Cisco IOS allows local users to bypass command restrictions and obtain sensitive information via an unspecified "variation of an IOS command" involving "two different methods", aka CSCsk16129. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2007-5548 | 1 Cisco | 1 Ios | 2024-11-21 | 6.9 MEDIUM | N/A |
| Multiple stack-based buffer overflows in Command EXEC in Cisco IOS allow local users to gain privileges via unspecified vectors, aka (1) PSIRT-0474975756 and (2) PSIRT-0388256465. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||