Vulnerabilities (CVE)

Filtered by vendor Cisco Subscribe
Total 6180 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-0792 1 Cisco 2 Content Services Switch 11000, Webns 2024-02-28 5.0 MEDIUM N/A
The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data.
CVE-2004-0054 1 Cisco 1 Ios 2024-02-28 7.5 HIGH N/A
Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
CVE-2003-0512 1 Cisco 1 Ios 2024-02-28 5.0 MEDIUM N/A
Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge.
CVE-2002-2239 1 Cisco 3 Catalyst 6500, Catalyst 7600, Ios 2024-02-28 7.8 HIGH N/A
The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 series running Cisco IOS 12.1(8)E through 12.1(13.4)E allows remote attackers to cause a denial of service (hang) via a malformed packet.
CVE-2002-1359 7 Cisco, Fissh, Intersoft and 4 more 7 Ios, Ssh Client, Securenetterm and 4 more 2024-02-28 10.0 HIGH N/A
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.
CVE-2000-0150 2 Checkpoint, Cisco 2 Firewall-1, Pix Firewall Software 2024-02-28 7.5 HIGH N/A
Check Point Firewall-1 allows remote attackers to bypass port access restrictions on an FTP server by forcing it to send malicious packets that Firewall-1 misinterprets as a valid 227 response to a client's PASV attempt.
CVE-2002-1093 1 Cisco 1 Vpn 3000 Concentrator Series Software 2024-02-28 5.0 MEDIUM N/A
HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.0.3(B) allows remote attackers to cause a denial of service (CPU consumption) via a long URL request.
CVE-2004-1436 1 Cisco 1 Optical Networking Systems Software 2024-02-28 7.5 HIGH N/A
The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 4.6(0) and 4.6(1) and 15454 and 15454 SDH 4.6(0) and 4.6(1), when a user account is configured with a blank password, allows remote attackers to gain unauthorized access by logging in with a password larger than 10 characters.
CVE-2002-1095 1 Cisco 3 Secure Access Control Server, Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client 2024-02-28 5.0 MEDIUM N/A
Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, allows remote attackers to cause a denial of service (reload) via a Windows-based PPTP client with the "No Encryption" option set.
CVE-2001-1065 1 Cisco 1 Cbos 2024-02-28 5.0 MEDIUM N/A
Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack.
CVE-2002-1099 1 Cisco 2 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client 2024-02-28 5.0 MEDIUM N/A
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to obtain potentially sensitive information without authentication by directly accessing certain HTML pages.
CVE-2001-0163 1 Cisco 1 Aironet Ap340 2024-02-28 4.6 MEDIUM N/A
Cisco AP340 base station produces predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
CVE-2000-0955 1 Cisco 1 Virtual Central Office 4000 2024-02-28 7.5 HIGH N/A
Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to store usernames and passwords in the SNMP MIB, which allows an attacker who knows the community name to crack the password and gain privileges.
CVE-2004-0244 1 Cisco 1 Ios 2024-02-28 4.7 MEDIUM N/A
Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet, but has inconsistent length values with that packet.
CVE-2002-1553 1 Cisco 1 Optical Networking Systems Software 2024-02-28 7.5 HIGH N/A
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist.
CVE-2002-1190 1 Cisco 1 Unity Server 2024-02-28 7.5 HIGH N/A
Cisco Unity 2.x and 3.x uses well-known default user accounts, which could allow remote attackers to gain access and place arbitrary calls.
CVE-2002-1706 1 Cisco 3 Ios, Ubr7100, Ubr7200 2024-02-28 5.0 MEDIUM 7.5 HIGH
Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router.
CVE-2004-0112 24 4d, Apple, Avaya and 21 more 65 Webstar, Mac Os X, Mac Os X Server and 62 more 2024-02-28 5.0 MEDIUM N/A
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
CVE-2004-1461 1 Cisco 2 Secure Access Control Server, Secure Acs Solution Engine 2024-02-28 7.5 HIGH N/A
Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address.
CVE-2002-1100 1 Cisco 2 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client 2024-02-28 5.0 MEDIUM N/A
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to cause a denial of service (crash) via a long (1) username or (2) password to the HTML login interface.