Filtered by vendor Cisco
Subscriptions
Total
6314 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-5534 | 1 Cisco | 1 Unity Connection | 2025-04-11 | N/A |
Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not a valid audio file, aka Bug ID CSCuj22948. | ||||
CVE-2013-5533 | 1 Cisco | 3 Unified Ip Phone 9951, Unified Ip Phone 9971, Unified Ip Phones 9900 Series Firmware | 2025-04-11 | N/A |
The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334. | ||||
CVE-2010-2815 | 1 Cisco | 17 Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5500 and 14 more | 2025-04-11 | N/A |
Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtf55259. | ||||
CVE-2013-5532 | 1 Cisco | 3 Unified Ip Phone 9951, Unified Ip Phone 9971, Unified Ip Phones 9900 Series Firmware | 2025-04-11 | N/A |
Buffer overflow in the web-application interface on Cisco 9900 IP phones allows remote attackers to cause a denial of service (webapp interface outage) via long values in unspecified fields, aka Bug ID CSCuh10343. | ||||
CVE-2013-5531 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-11 | N/A |
Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405. | ||||
CVE-2010-2814 | 1 Cisco | 17 Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5500 and 14 more | 2025-04-11 | N/A |
Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtf37506. | ||||
CVE-2013-5530 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-11 | N/A |
The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511. | ||||
CVE-2013-5529 | 1 Cisco | 1 Webex Meetings Server | 2025-04-11 | N/A |
The deployment module in the server in Cisco WebEx Meeting Center does not properly validate the passphrase, which allows remote attackers to launch a deployment or cause a denial of service (deployment interruption) via a direct request, aka Bug ID CSCuf52200. | ||||
CVE-2010-2629 | 1 Cisco | 2 Ace 4710, Content Services Switch 11500 | 2025-04-11 | N/A |
The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576. | ||||
CVE-2013-5528 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A |
Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815. | ||||
CVE-2013-5525 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-11 | N/A |
SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCug90502. | ||||
CVE-2010-2506 | 1 Cisco | 2 Linksys Firmware, Linksys Wap54g | 2025-04-11 | N/A |
Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter. | ||||
CVE-2013-5524 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-11 | N/A |
Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCug77655. | ||||
CVE-2013-5523 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-11 | N/A |
The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCui82666. | ||||
CVE-2010-2082 | 1 Cisco | 1 Scientific Atlanta Webstar Dpc2100r2 | 2025-04-11 | N/A |
The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 has a default administrative password (aka SAPassword) of W2402, which makes it easier for remote attackers to obtain privileged access. | ||||
CVE-2013-5522 | 1 Cisco | 2 Catalyst 3750-x, Ios | 2025-04-11 | N/A |
Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286. | ||||
CVE-2013-5521 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-11 | N/A |
Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial of service (exhaustion of the account supply) via a series of requests within one session, aka Bug ID CSCue94287. | ||||
CVE-2010-2026 | 1 Cisco | 1 Scientific Atlanta Webstar Dpc2100r2 | 2025-04-11 | N/A |
The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allows remote attackers to bypass authentication, and reset the modem or replace the firmware, via a direct request to an unspecified page. | ||||
CVE-2013-5519 | 1 Cisco | 1 Wireless Lan Controller | 2025-04-11 | N/A |
Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810. | ||||
CVE-2013-5517 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-11 | N/A |
SQL injection vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh96567. |