Filtered by vendor Cisco
Subscribe
Total
6180 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-1001 | 1 Cisco | 9 Catalyst 6500, Catalyst 6500 Ws-svc-nam-1, Catalyst 6500 Ws-svc-nam-2 and 6 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via HTTP auth requests for (1) TACACS+ or (2) RADIUS authentication. | |||||
CVE-2002-0938 | 1 Cisco | 1 Secure Access Control Server | 2024-02-28 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe. | |||||
CVE-2003-0210 | 1 Cisco | 1 Secure Access Control Server | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002. | |||||
CVE-1999-1306 | 1 Cisco | 1 Ios | 2024-02-28 | 7.5 HIGH | N/A |
Cisco IOS 9.1 and earlier does not properly handle extended IP access lists when the IP route cache is enabled and the "established" keyword is set, which could allow attackers to bypass filters. | |||||
CVE-1999-0889 | 1 Cisco | 1 675 Router | 2024-02-28 | 7.5 HIGH | N/A |
Cisco 675 routers running CBOS allow remote attackers to establish telnet sessions if an exec or superuser password has not been set. | |||||
CVE-2002-0853 | 1 Cisco | 1 Vpn Client | 2024-02-28 | 5.0 MEDIUM | N/A |
Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload. | |||||
CVE-2002-1558 | 1 Cisco | 1 Optical Networking Systems Software | 2024-02-28 | 10.0 HIGH | N/A |
Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for the VxWorks Operating System in the TCC, TCC+ and XTC that cannot be changed or disabled, which allows remote attackers to gain privileges by connecting to the account via Telnet. | |||||
CVE-1999-1126 | 1 Cisco | 1 Resource Manager | 2024-02-28 | 2.1 LOW | N/A |
Cisco Resource Manager (CRM) 1.1 and earlier creates certain files with insecure permissions that allow local users to obtain sensitive configuration information including usernames, passwords, and SNMP community strings, from (1) swim_swd.log, (2) swim_debug.log, (3) dbi_debug.log, and (4) temporary files whose names begin with "DPR_". | |||||
CVE-2000-1055 | 1 Cisco | 1 Secure Access Control Server | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet. | |||||
CVE-2002-2140 | 1 Cisco | 1 Pix Firewall Software | 2024-02-28 | 5.0 MEDIUM | N/A |
Buffer overflow in Cisco PIX Firewall 5.2.x to 5.2.8, 6.0.x to 6.0.3, 6.1.x to 6.1.3, and 6.2.x to 6.2.1 allows remote attackers to cause a denial of service via HTTP traffic authentication using (1) TACACS+ or (2) RADIUS. | |||||
CVE-2001-0669 | 4 Cisco, Enterasys, Iss and 1 more | 6 Catalyst 6000 Intrusion Detection System Module, Secure Intrusion Detection System, Dragon and 3 more | 2024-02-28 | 7.5 HIGH | N/A |
Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard "%u" Unicode encoding of ASCII characters in the requested URL. | |||||
CVE-2002-0160 | 1 Cisco | 1 Secure Access Control Server | 2024-02-28 | 5.0 MEDIUM | N/A |
The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002. | |||||
CVE-2002-0849 | 1 Cisco | 1 Iscsi Driver | 2024-02-28 | 4.6 MEDIUM | N/A |
Linux-iSCSI iSCSI implementation installs the iscsi.conf file with world-readable permissions on some operating systems, including Red Hat Linux Limbo Beta #1, which could allow local users to gain privileges by reading the cleartext CHAP password. | |||||
CVE-2003-1132 | 1 Cisco | 2 Content Services Switch 11000, Content Services Switch 11500 | 2024-02-28 | 5.0 MEDIUM | N/A |
The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to cause a denial of service (inaccessible domain) by forcing other DNS servers to send and cache a request for a AAAA record to the vulnerable server. | |||||
CVE-2002-0952 | 1 Cisco | 1 Optical Networking Systems Software | 2024-02-28 | 5.0 MEDIUM | N/A |
Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0 allows remote attackers to cause a denial of service (reset) by sending IP packets with non-zero Type of Service (TOS) bits to the Timing Control Card (TCC) LAN interface. | |||||
CVE-2000-0380 | 1 Cisco | 1 Ios | 2024-02-28 | 7.1 HIGH | N/A |
The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string. | |||||
CVE-2004-0307 | 1 Cisco | 1 Optical Networking Systems Software | 2024-02-28 | 5.0 MEDIUM | N/A |
Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454 SD before 4.1(3) allows remote attackers to cause a denial of service (reset) by not sending the ACK portion of the TCP three-way handshake and sending an invalid response instead. | |||||
CVE-2001-0622 | 1 Cisco | 1 Content Services Switch 11000 | 2024-02-28 | 7.5 HIGH | N/A |
The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface. | |||||
CVE-2002-1189 | 1 Cisco | 1 Unity Server | 2024-02-28 | 4.6 MEDIUM | N/A |
The default configuration of Cisco Unity 2.x and 3.x does not block international operator calls in the predefined restriction tables, which could allow authenticated users to place international calls using call forwarding. | |||||
CVE-2001-0929 | 1 Cisco | 1 Ios | 2024-02-28 | 7.5 HIGH | N/A |
Cisco IOS Firewall Feature set, aka Context Based Access Control (CBAC) or Cisco Secure Integrated Software, for IOS 11.2P through 12.2T does not properly check the IP protocol type, which could allow remote attackers to bypass access control lists. |