Vulnerabilities (CVE)

Filtered by vendor Cisco Subscribe
Total 6184 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-1446 1 Cisco 1 Webex Meetings Server 2024-02-28 6.5 MEDIUM 8.8 HIGH
SQL injection vulnerability in Cisco WebEx Meetings Server 2.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuy83200.
CVE-2016-6410 1 Cisco 1 Ios 2024-02-28 6.8 MEDIUM 6.5 MEDIUM
The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuy19856.
CVE-2016-6365 1 Cisco 1 Firepower Management Center 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCur25508 and CSCur25518.
CVE-2015-6366 1 Cisco 1 Ios 2024-02-28 5.0 MEDIUM N/A
Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs supersede tunnel-interface ACLs, which allows remote attackers to bypass intended network-traffic restrictions in opportunistic circumstances by using a tunnel, aka Bug ID CSCur01042.
CVE-2016-1408 1 Cisco 2 Evolved Programmable Network Manager, Prime Infrastructure 2024-02-28 6.5 MEDIUM 8.8 HIGH
Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488.
CVE-2015-6376 1 Cisco 1 Telepresence Video Communication Server Software 2024-02-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv72412.
CVE-2016-1431 1 Cisco 1 Firepower Management Center 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur25516.
CVE-2016-1362 1 Cisco 1 Aireos 2024-02-28 7.8 HIGH 7.5 HIGH
Cisco AireOS 4.1 through 7.4.120.0, 7.5.x, and 7.6.100.0 on Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCun86747.
CVE-2015-6282 1 Cisco 1 Ios Xe 2024-02-28 7.8 HIGH N/A
Cisco IOS XE 2.x and 3.x before 3.10.6S, 3.11.xS through 3.13.xS before 3.13.3S, and 3.14.xS through 3.15.xS before 3.15.1S allows remote attackers to cause a denial of service (device reload) via IPv4 packets that require NAT and MPLS actions, aka Bug ID CSCut96933.
CVE-2015-6334 1 Cisco 1 Asr 5000 Software 2024-02-28 5.0 MEDIUM N/A
Cisco ASR 5000 and 5500 devices with software 18.0.0.57828 and 19.0.M0.61045 allow remote attackers to cause a denial of service (vpnmgr process restart) via a crafted header in a TACACS packet, aka Bug ID CSCuw01984.
CVE-2016-1352 1 Cisco 1 Unified Computing System Central Software 2024-02-28 7.5 HIGH 9.8 CRITICAL
Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856.
CVE-2016-6454 1 Cisco 1 Hosted Collaboration Mediation Fulfillment 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions. More Information: CSCva54241. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(0.98000.216).
CVE-2016-6404 1 Cisco 1 Ios 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5(2)T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy19854.
CVE-2016-1468 1 Cisco 1 Telepresence Video Communication Server 2024-02-28 6.5 MEDIUM 8.8 HIGH
The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCuv12531.
CVE-2016-6425 1 Cisco 2 Unified Contact Center Express, Unified Intelligence Center 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652.
CVE-2015-6318 1 Cisco 1 Telepresence Video Communication Server Software 2024-02-28 6.9 MEDIUM N/A
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 and X8.5.2 allows local users to write to arbitrary files via an unspecified symlink attack, aka Bug ID CSCuv11969.
CVE-2016-1397 1 Cisco 6 Rv110w Wireless-n Vpn Firewall, Rv110w Wireless-n Vpn Firewall Firmware, Rv130w Wireless-n Multifunction Vpn Router and 3 more 2024-02-28 6.8 MEDIUM 6.5 MEDIUM
Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523.
CVE-2016-6426 1 Cisco 2 Unified Contact Center Express, Unified Intelligence Center 2024-02-28 4.3 MEDIUM 7.5 HIGH
The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653.
CVE-2016-1449 1 Cisco 1 Webex Meetings Server 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy92711.
CVE-2016-1350 6 Cisco, Lenovo, Samsung and 3 more 6 Ios Xe, Thinkcentre E75s Firmware, X14j Firmware and 3 more 2024-02-28 7.8 HIGH 7.5 HIGH
Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293.