Vulnerabilities (CVE)

Filtered by vendor Cisco Subscribe
Total 6184 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-1706 1 Cisco 3 Ios, Ubr7100, Ubr7200 2024-02-28 5.0 MEDIUM 7.5 HIGH
Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router.
CVE-2004-0112 24 4d, Apple, Avaya and 21 more 65 Webstar, Mac Os X, Mac Os X Server and 62 more 2024-02-28 5.0 MEDIUM N/A
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
CVE-2004-1461 1 Cisco 2 Secure Access Control Server, Secure Acs Solution Engine 2024-02-28 7.5 HIGH N/A
Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address.
CVE-2002-1100 1 Cisco 2 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client 2024-02-28 5.0 MEDIUM N/A
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to cause a denial of service (crash) via a long (1) username or (2) password to the HTML login interface.
CVE-2001-0412 1 Cisco 3 Content Services Switch 11050, Content Services Switch 11150, Content Services Switch 11800 2024-02-28 7.2 HIGH N/A
Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode.
CVE-2000-1054 1 Cisco 1 Secure Access Control Server 2024-02-28 10.0 HIGH N/A
Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet.
CVE-2003-1109 1 Cisco 4 Ios, Ip Phone 7940, Ip Phone 7960 and 1 more 2024-02-28 7.5 HIGH N/A
The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
CVE-1999-1175 1 Cisco 1 Ios 2024-02-28 7.5 HIGH N/A
Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048.
CVE-1999-1000 1 Cisco 1 Cache Engine 2024-02-28 5.0 MEDIUM N/A
The web administration interface for Cisco Cache Engine allows remote attackers to view performance statistics.
CVE-2001-0041 1 Cisco 1 Catos 2024-02-28 7.8 HIGH N/A
Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches allows remote attackers to cause a denial of service via a series of failed telnet authentication attempts.
CVE-2001-0753 1 Cisco 1 Cbos 2024-02-28 7.5 HIGH N/A
Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) enable in cleartext in the NVRAM and a configuration file, which could allow unauthorized users to obtain the passwords and gain privileges.
CVE-2001-1210 1 Cisco 3 Ubr920, Ubr924, Ubr925 2024-02-28 6.4 MEDIUM N/A
Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary community strings.
CVE-2001-1037 1 Cisco 1 Sn 5420 Storage Router Firmware 2024-02-28 4.6 MEDIUM N/A
Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to access a developer's shell without a password and execute certain restricted commands without being logged.
CVE-2004-0352 1 Cisco 4 Content Services Switch 11000, Content Services Switch 11050, Content Services Switch 11150 and 1 more 2024-02-28 5.0 MEDIUM N/A
Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002.
CVE-2001-0055 1 Cisco 2 Broadband Operating System, Cisco 6xx Routers 2024-02-28 5.0 MEDIUM N/A
CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to cause a denial of service via a slow stream of TCP SYN packets.
CVE-2000-0945 1 Cisco 1 Catalyst 3500 Xl 2024-02-28 10.0 HIGH N/A
The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory.
CVE-2002-1097 1 Cisco 2 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client 2024-02-28 7.5 HIGH N/A
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows restricted administrators to obtain certificate passwords that are stored in plaintext in the HTML source code for Certificate Management pages.
CVE-1999-0445 1 Cisco 1 Ios 2024-02-28 5.0 MEDIUM N/A
In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters.
CVE-1999-0230 1 Cisco 1 Ios 2024-02-28 5.0 MEDIUM N/A
Buffer overflow in Cisco 7xx routers through the telnet service.
CVE-2003-0258 1 Cisco 7 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client, Vpn 3005 Concentrator Software and 4 more 2024-02-28 7.5 HIGH N/A
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication.