
5224 matches found

Cisco
added 2016/12/07 4:0 p.m. | 25 views

Cisco Email Security Appliance SMTP Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches and Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an...

CVSS 4.3 | AI score 6 | EPSS 0.0128
Exploits: 0 | References: 1
Cisco
added 2016/12/07 4:0 p.m. | 16 views

Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability

A vulnerability in the web framework code of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface. The vulnerability is due to insufficient input validation of some parameters that ar...

CVSS 4.3 | AI score 6.1 | EPSS 0.01799
Exploits: 0 | References: 1
Cisco
added 2016/12/07 4:0 p.m. | 22 views

Cisco IOS XR Software HTTP 2.0 Request Handling Event Service Daemon Denial of Service Vulnerability

A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of HTTP requests...

CVSS 5 | AI score 7.7 | EPSS 0.01589
Exploits: 0 | References: 1
Cisco
added 2016/12/07 4:0 p.m. | 30 views

Cisco Hybrid Media Service Privilege Escalation Vulnerability

A vulnerability in the installation procedure of the Cisco Hybrid Media Service could allow an authenticated, local attacker to elevate privileges to the root level. The vulnerability is due to incorrect installation and permissions settings on binary files during the Hybrid Media Service...

CVSS 6.8 | AI score 7.6 | EPSS 0.00326
Exploits: 0 | References: 1
Cisco
added 2016/12/07 4:0 p.m. | 25 views

Cisco IOS and IOS XE Software SSH X.509 Authentication Bypass Vulnerability

A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to improper validation of X.509 signatures during...

CVSS 5.8 | AI score 7.4 | EPSS 0.01411
Exploits: 0 | References: 1
Cisco
added 2016/12/07 4:0 p.m. | 33 views

Cisco AnyConnect Secure Mobility Client Local Privilege Escalation Vulnerability

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. The vulnerability is due to incorrect...

CVSS 6.8 | AI score 7.7 | EPSS 0.03473
Exploits: 0 | References: 1
Cisco
added 2016/12/07 4:0 p.m. | 25 views

Cisco Security Appliances AsyncOS Software Update Server Certificate Validation Vulnerability

A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. The vulnerability i...

CVSS 4.3 | AI score 5.7 | EPSS 0.01121
Exploits: 0 | References: 1
Cisco
added 2016/11/23 4:0 p.m. | 335 views

Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016

Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised ...

CVSS 5.3 | AI score 7.4 | EPSS 0.06255
Exploits: 2 | References: 1
Cisco
added 2016/11/16 4:0 p.m. | 39 views

Cisco ASA Input Validation File Injection Vulnerability

A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system. The vulnerability is due to improper user input validation. An attacker could exploit th...

CVSS 4.3 | AI score 5.9 | EPSS 0.01791
Exploits: 0 | References: 1
Cisco
added 2016/11/16 4:0 p.m. | 29 views

Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability

A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to...

CVSS 4.3 | AI score 6 | EPSS 0.01543
Exploits: 0 | References: 1
Cisco
added 2016/11/16 4:0 p.m. | 36 views

Cisco ASR 5000 Series ipsecmgr Service Denial of Service Vulnerability

A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. The vulnerability is due to...

CVSS 5 | AI score 7.5 | EPSS 0.02585
Exploits: 0 | References: 1
Cisco
added 2016/11/16 4:0 p.m. | 28 views

Cisco Email Security Appliance MIME Header Processing Filter Bypass Vulnerability

A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. The vulnerability is due to improper err...

CVSS 5 | AI score 5.3 | EPSS 0.02012
Exploits: 0 | References: 1
Cisco
added 2016/11/16 4:0 p.m. | 42 views

Cisco Email Security Appliance MIME Header Processing Filter Bypass Vulnerability

A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. The vulnerability is due to improper err...

CVSS 5 | AI score 5.3 | EPSS 0.0113
Exploits: 0 | References: 1
Cisco
added 2016/11/16 4:0 p.m. | 47 views

Cisco Firepower System Software FTP Malware Vulnerability

A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. The vulnerability is due to ...

CVSS 5 | AI score 7.6 | EPSS 0.01553
Exploits: 0 | References: 1
Cisco
added 2016/11/15 4:0 p.m. | 27 views

Cisco IOS XE Software Directory Traversal Vulnerability

A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. The vulnerability is due to insufficient validation of files submitted to the affected installation utility...

CVSS 1.5 | AI score 3.9 | EPSS 0.00296
Exploits: 0 | References: 1
Cisco
added 2016/11/14 4:0 p.m. | 45 views

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016

On November 10, 2016, the OpenSSL Software Foundation released a security advisory that describes three vulnerabilities. Of these vulnerabilities, the OpenSSL Software Foundation classifies one as “Critical Severity,” one as “Moderate Severity,” and one as “Low Severity.” Two of the vulnerabiliti...

CVSS 5.9 | AI score 7.1 | EPSS 0.14225
Exploits: 1 | References: 1
Cisco
added 2016/11/02 4:0 p.m. | 36 views

Cisco Meeting Server Session Description Protocol Media Lines Buffer Overflow Vulnerability

A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software performs incomplete input validation of the size of media...

CVSS 7.5 | AI score 10 | EPSS 0.03984
Exploits: 0 | References: 1
Cisco
added 2016/11/02 4:0 p.m. | 39 views

Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability

A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affected system. The vulnerability exists because the affected software performs incomplete bounds checks o...

CVSS 10 | AI score 9.7 | EPSS 0.04899
Exploits: 0 | References: 1
Cisco
added 2016/11/02 4:0 p.m. | 33 views

Cisco Email Security Appliance RAR File Attachment Scanner Bypass Vulnerability

A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been filtered could instead be forwarded by the...

CVSS 5 | AI score 7.7 | EPSS 0.02207
Exploits: 0 | References: 1
Cisco
added 2016/11/02 4:0 p.m. | 27 views

Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability

A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the software does not perform sufficient boundary checks on user-supplied data. An unauthenticated, remote...

CVSS 7.5 | AI score 9.9 | EPSS 0.0308
Exploits: 0 | References: 1
Cisco
added 2016/11/02 4:0 p.m. | 36 views

Cisco TelePresence Endpoints Local Command Injection Vulnerability

Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. The vulnerability is due to incomplete input sanitization of some commands. An attacker could exploit this...

CVSS 4.6 | AI score 6 | EPSS 0.00739
Exploits: 0 | References: 1
Cisco
added 2016/11/02 4:0 p.m. | 26 views

Cisco Prime Home Authentication Bypass Vulnerability

A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to a processing error in the role-based access control...

CVSS 10 | AI score 9.5 | EPSS 0.02702
Exploits: 0 | References: 1
Cisco
added 2016/11/02 4:0 p.m. | 25 views

Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability

A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of a type of Layer 2...

CVSS 6.1 | AI score 6.3 | EPSS 0.0072
Exploits: 0 | References: 1
Cisco
added 2016/11/02 4:0 p.m. | 41 views

Cisco ASR 5500 Series with DPC2 Cards SESSMGR Denial of Service Vulnerability

A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sessions to be disconnected, resulting in a partial denial of service (DoS) condition. The vulnerability i...

CVSS 5 | AI score 7.4 | EPSS 0.01747
Exploits: 0 | References: 1
Cisco
added 2016/10/26 4:0 p.m. | 34 views

Cisco IP Interoperability and Collaboration System Cross-Site Scripting Vulnerability

A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of some parameters passed to the web...

CVSS 4.3 | AI score 6.1 | EPSS 0.00833
Exploits: 0 | References: 1
Cisco
added 2016/10/26 4:0 p.m. | 26 views

Cisco Email and Web Security Appliance JAR Advanced Malware Protection DoS Vulnerability

A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the AMP process unexpectedly restarting. The vulnerability is due to...

CVSS 5 | AI score 7.4 | EPSS 0.02163
Exploits: 0 | References: 1
Cisco
added 2016/10/26 4:0 p.m. | 25 views

Cisco Email Security Appliance Drop Bypass Vulnerability

A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. The vulnerability is due t...

CVSS 5 | AI score 7.6 | EPSS 0.02419
Exploits: 0 | References: 1
Cisco
added 2016/10/26 4:0 p.m. | 25 views

Cisco Email and Web Security Appliance Malformed MIME Header Vulnerability

A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to...

CVSS 5 | AI score 7.6 | EPSS 0.02419
Exploits: 0 | References: 1
Cisco
added 2016/10/26 4:0 p.m. | 32 views

Cisco Email and Web Security Appliance MIME Header Bypass Vulnerability

A vulnerability in the email filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the...

CVSS 5 | AI score 7.7 | EPSS 0.01634
Exploits: 0 | References: 1
Cisco
added 2016/10/26 4:0 p.m. | 35 views

Cisco Prime Collaboration Provisioning Cross-Site Scripting Vulnerability

Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient inpu...

CVSS 4.3 | AI score 6.2 | EPSS 0.01098
Exploits: 0 | References: 1
Cisco
added 2016/10/26 4:0 p.m. | 43 views

Cisco IP Interoperability and Collaboration System Universal Media Services Unauthorized Access Vulnerability

A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable. The...

CVSS 10 | AI score 9.7 | EPSS 0.02174
Exploits: 0 | References: 1
Cisco
added 2016/10/26 4:0 p.m. | 25 views

Cisco Email Security Appliance Corrupted Attachment Fields Denial of Service Vulnerability

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. The vulnerabili...

CVSS 7.8 | AI score 7.6 | EPSS 0.02995
Exploits: 0 | References: 1
Cisco
added 2016/10/26 4:0 p.m. | 27 views

Cisco Email Security Appliance FTP Denial of Service Vulnerability

A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application unexpectedly quits. The vulnerability is due to improper input validation of user-supplied fields when...

CVSS 5 | AI score 7.4 | EPSS 0.01747
Exploits: 0 | References: 1
Cisco
added 2016/10/26 4:0 p.m. | 22 views

Cisco Email Security Appliance Malformed DGN File Attachment Denial of Service Vulnerability

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the message filtering feature of...

CVSS 7.8 | AI score 7.5 | EPSS 0.03021
Exploits: 0 | References: 1
Cisco
added 2016/10/26 4:0 p.m. | 25 views

Cisco Email Security Appliance Quarantine Email Rendering Vulnerability

A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could be used to facilitate...

CVSS 4.3 | AI score 6.2 | EPSS 0.01543
Exploits: 0 | References: 1
Cisco
added 2016/10/26 4:0 p.m. | 27 views

Cisco Hosted Collaboration Mediation Fulfillment Cross-Site Request Forgery Vulnerability

A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of CSRF protections by an affected device. An...

CVSS 4.3 | AI score 6.8 | EPSS 0.00496
Exploits: 0 | References: 1
Cisco
added 2016/10/26 4:0 p.m. | 33 views

Cisco Email Security Appliance Advanced Malware Protection Attachment Scanning Denial of Service Vulnerability

A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages du...

CVSS 7.8 | AI score 7.6 | EPSS 0.02995
Exploits: 0 | References: 1
Cisco
added 2016/10/26 4:0 p.m. | 34 views

Cisco IP Interoperability and Collaboration System Command-Line Interface Privilege Escalation Vulnerability

A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. The vulnerability is due to insufficient input validation. An attacker could...

CVSS 6.6 | AI score 7.6 | EPSS 0.00294
Exploits: 0 | References: 1
Cisco
added 2016/10/26 3:0 p.m. | 76 views

Vulnerability in Linux Kernel Affecting Cisco Products: October 2016

On October 19, 2016, a new vulnerability related to a race condition in the memory manager of the Linux Kernel was disclosed. This vulnerability could allow unprivileged, local users to gain write access to otherwise read-only memory mappings to increase their privileges on the system. Cisco has...

CVSS 6.9 | AI score 7.3 | EPSS 0.83524
Exploits: 81 | References: 1
Cisco
added 2016/10/26 12:0 p.m. | 32 views

Cisco Identity Services Engine SQL Injection Vulnerability

A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. The vulnerability is due to insufficient controls on Structured Query Language (SQL) statements. An attacker could exploit...

CVSS 4.9 | AI score 7.6 | EPSS 0.01102
Exploits: 0 | References: 1
Cisco
added 2016/10/19 4:0 p.m. | 22 views

Cisco Meeting Server Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing the user of...

CVSS 4.3 | AI score 8.9 | EPSS 0.00559
Exploits: 0 | References: 1
Cisco
added 2016/10/19 4:0 p.m. | 29 views

Cisco Meeting Server Information Disclosure Vulnerability

A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. The vulnerability is due to missing bounds checks in the Web Bridge functionality. An attacker could exploit this vulnerability by sending a crafted...

CVSS 5 | AI score 7.4 | EPSS 0.014
Exploits: 0 | References: 1
Cisco
added 2016/10/19 4:0 p.m. | 41 views

Cisco Firepower Detection Engine HTTP Denial of Service Vulnerability

A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper handling of an...

CVSS 7.1 | AI score 7.6 | EPSS 0.01633
Exploits: 0 | References: 1
Cisco
added 2016/10/19 4:0 p.m. | 21 views

Cisco ASA Software Identity Firewall Feature Buffer Overflow Vulnerability

A vulnerability in the Identity Firewall feature of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this...

CVSS 9.3 | AI score 8.6 | EPSS 0.06659
Exploits: 0 | References: 1
Cisco
added 2016/10/19 4:0 p.m. | 23 views

Cisco ASA Software Local Certificate Authority Denial of Service Vulnerability

A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper handling of crafted packets during the enrollment operation. An attacker could exploit...

CVSS 7.1 | AI score 7.5 | EPSS 0.02542
Exploits: 0 | References: 1
Cisco
added 2016/10/12 4:0 p.m. | 41 views

Cisco Meeting Server Client Authentication Bypass Vulnerability

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication schem...

CVSS 6.4 | AI score 9.4 | EPSS 0.02514
Exploits: 0 | References: 1
Cisco
added 2016/10/12 4:0 p.m. | 44 views

Cisco Wide Area Application Services Central Manager Denial of Service Vulnerability

A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of disk space. The user would see a performance degradation. The vulnerability is due...

CVSS 4.3 | AI score 5.8 | EPSS 0.01729
Exploits: 0 | References: 1
Cisco
added 2016/10/12 4:0 p.m. | 24 views

Cisco cBR-8 Converged Broadband Router vty Integrity Vulnerability

A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line configuration on an affected device. The vulnerability is due to a logic processing error that exis...

CVSS 4.3 | AI score 5.8 | EPSS 0.01221
Exploits: 0 | References: 1
Cisco
added 2016/10/12 4:0 p.m. | 37 views

Cisco Finesse Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit th...

CVSS 4.3 | AI score 8.9 | EPSS 0.00927
Exploits: 0 | References: 1
Cisco
added 2016/10/12 4:0 p.m. | 39 views

Cisco Prime Infrastructure and Evolved Programmable Network Manager Database Interface SQL Injection Vulnerability

A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. The vulnerability is...

CVSS 6.5 | AI score 8.6 | EPSS 0.02975
Exploits: 0 | References: 1
Total number of security vulnerabilities: 5224