
85 matches found

CVE
added 2023/10/10 2:15 p.m. | 4408 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVSS 7.5 | AI score 8 | EPSS 0.94434

CVE
added 2018/03/28 10:29 p.m. | 1006 views

CVE-2018-0167

Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevat...

CVSS 8.8 | AI score 8.9 | EPSS 0.01893

CVE
added 2020/09/23 1:15 a.m. | 1004 views

CVE-2020-3569

Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually cr...

CVSS 8.6 | AI score 8.3 | EPSS 0.19978

CVE
added 2010/08/30 9:0 p.m. | 958 views

CVE-2010-3035

Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, a...

CVSS 7.5 | AI score 6.7 | EPSS 0.05752

CVE
added 2020/02/05 6:15 p.m. | 933 views

CVE-2020-3118

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco ...

CVSS 8.8 | AI score 8.8 | EPSS 0.00168

CVE
added 2016/09/19 1:59 a.m. | 558 views

CVE-2016-6415

The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bu...

CVSS 7.5 | AI score 7.2 | EPSS 0.92948

CVE
added 2019/07/06 2:15 a.m. | 427 views

CVE-2019-1909

A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to incorrect processing of certain BGP update me...

CVSS 6.8 | AI score 6.2 | EPSS 0.00527

CVE
added 2019/08/07 9:15 p.m. | 108 views

CVE-2019-1910

A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS–IS area to cause a denial of service (DoS) condition. The vulnerability is due to inc...

CVSS 7.4 | AI score 7.3 | EPSS 0.00152

CVE
added 2019/08/07 10:15 p.m. | 101 views

CVE-2019-1918

A vulnerability in the implementation of Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorre...

CVSS 7.4 | AI score 7.4 | EPSS 0.00078

CVE
added 2021/09/09 5:15 a.m. | 87 views

CVE-2021-34718

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file trans...

CVSS 8.5 | AI score 7.9 | EPSS 0.01179

CVE
added 2019/05/16 2:29 a.m. | 85 views

CVE-2019-1849

A vulnerability in the Border Gateway Protocol (BGP) Multiprotocol Label Switching (MPLS)-based Ethernet VPN (EVPN) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due ...

CVSS 7.4 | AI score 6.8 | EPSS 0.00128

CVE
added 2020/11/12 2:15 a.m. | 83 views

CVE-2020-26070

A vulnerability in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource...

CVSS 8.6 | AI score 8.6 | EPSS 0.01033

CVE
added 2023/03/09 10:15 p.m. | 83 views

CVE-2023-20064

A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary comman...

CVSS 4.6 | AI score 4.8 | EPSS 0.00087

CVE
added 2008/05/22 1:9 p.m. | 82 views

CVE-2008-1159

Multiple unspecified vulnerabilities in the SSH server in Cisco IOS 12.4 allow remote attackers to cause a denial of service (device restart) via unknown vectors, aka Bug ID (1) CSCsk42419, (2) CSCsk60020, and (3) CSCsh51293.

CVSS 7.1 | AI score 6.8 | EPSS 0.01479

CVE
added 2021/04/08 4:15 a.m. | 77 views

CVE-2021-1485

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges on the underlying Linux operating system (OS) of an affected device. This vulnerability is due to insufficient input validation of com...

CVSS 7.8 | AI score 7 | EPSS 0.0007

CVE
added 2022/04/15 3:15 p.m. | 77 views

CVE-2022-20758

A vulnerability in the implementation of the Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the incorrect processing of a BGP update m...

CVSS 7.1 | AI score 6.7 | EPSS 0.00812

CVE
added 2023/03/09 10:15 p.m. | 76 views

CVE-2023-20049

A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote a...

CVSS 8.6 | AI score 7.7 | EPSS 0.01259

CVE
added 2023/09/13 5:15 p.m. | 71 views

CVE-2023-20135

A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to a time-of-check, time-of-use (TOCTOU) race condition when an install query regarding an ISO imag...

CVSS 7 | AI score 7 | EPSS 0.00017

CVE
added 2021/02/04 5:15 p.m. | 70 views

CVE-2021-1243

A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access ...

CVSS 7.5 | AI score 6.5 | EPSS 0.00682

CVE
added 2021/09/09 5:15 a.m. | 70 views

CVE-2021-34771

A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow. This vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulner...

CVSS 5.5 | AI score 5.2 | EPSS 0.00127

CVE
added 2019/04/17 10:29 p.m. | 69 views

CVE-2019-1711

A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this v...

CVSS 7.5 | AI score 6.5 | EPSS 0.00804

CVE
added 2019/02/21 8:29 p.m. | 66 views

CVE-2019-1681

A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device, possibly resulting in information disclosure. The vulnerability is due to improper validation of user-su...

CVSS 7.5 | AI score 7.5 | EPSS 0.09038

CVE
added 2020/11/06 7:15 p.m. | 66 views

CVE-2020-3284

A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS and runs over the mana...

CVSS 9.8 | AI score 9.1 | EPSS 0.04583

CVE
added 2021/09/09 5:15 a.m. | 66 views

CVE-2021-34713

A vulnerability in the Layer 2 punt code of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause the affected line card to reboot. This vulnerability is due to incorrect handling of specific Ethernet frames th...

CVSS 7.4 | AI score 7.3 | EPSS 0.00103

CVE
added 2020/06/03 6:15 p.m. | 65 views

CVE-2020-3217

A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition ...

CVSS 8.8 | AI score 9 | EPSS 0.00244

CVE
added 2023/09/13 5:15 p.m. | 65 views

CVE-2023-20233

A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect processing of invalid continuity check messages (CCM...

CVSS 6.5 | AI score 6.5 | EPSS 0.00149

CVE
added 2021/02/04 5:15 p.m. | 64 views

CVE-2021-1268

A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software incorrectly forwards ...

CVSS 7.4 | AI score 6.8 | EPSS 0.00086

CVE
added 2021/09/09 5:15 a.m. | 63 views

CVE-2021-34719

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS 7.8 | AI score 7.5 | EPSS 0.00105

CVE
added 2023/09/13 5:15 p.m. | 60 views

CVE-2023-20190

A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to incorrect destination address range ...

CVSS 5.8 | AI score 5.3 | EPSS 0.00059

CVE
added 2021/09/09 5:15 a.m. | 59 views

CVE-2021-34720

A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting i...

CVSS 8.6 | AI score 8.5 | EPSS 0.01024

CVE
added 2021/09/09 5:15 a.m. | 59 views

CVE-2021-34728

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS 7.8 | AI score 7.5 | EPSS 0.00313

CVE
added 2019/04/17 10:29 p.m. | 58 views

CVE-2019-1712

A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the PIM process to restart, resulting in a denial of service condition on an affected device. The vulnerability is due to the incorrect processing of...

CVSS 7.5 | AI score 6.4 | EPSS 0.00333

CVE
added 2009/08/21 5:30 p.m. | 57 views

CVE-2009-1154

Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute.

CVSS 3.3 | AI score 6.8 | EPSS 0.00474

CVE
added 2021/09/09 5:15 a.m. | 57 views

CVE-2021-34708

Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code ...

CVSS 7.2 | AI score 6.6 | EPSS 0.00024

CVE
added 2023/09/13 5:15 p.m. | 56 views

CVE-2023-20236

A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating t...

CVSS 7.8 | AI score 7.4 | EPSS 0.00015

CVE
added 2018/08/15 8:29 p.m. | 55 views

CVE-2018-0418

A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input and...

CVSS 8.6 | AI score 8.3 | EPSS 0.01414

CVE
added 2020/03/04 7:15 p.m. | 55 views

CVE-2020-3190

A vulnerability in the IPsec packet processor of Cisco IOS XR Software could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition for IPsec sessions to an affected device. The vulnerability is due to improper handling of packets by the IPsec packet processor. An att...

CVSS 5.8 | AI score 5.7 | EPSS 0.00961

CVE
added 2023/09/13 5:15 p.m. | 54 views

CVE-2023-20191

A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incomplete support for this feature. An attacker could exploit th...

CVSS 7.5 | AI score 7.6 | EPSS 0.00054

CVE
added 2024/09/11 5:15 p.m. | 54 views

CVE-2024-20406

A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient...

CVSS 7.4 | AI score 7.4 | EPSS 0.00066

CVE
added 2021/09/23 3:15 a.m. | 53 views

CVE-2021-34714

A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This vulnerability is due t...

CVSS 7.4 | AI score 7.4 | EPSS 0.00129

CVE
added 2021/09/09 5:15 a.m. | 53 views

CVE-2021-34721

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section ...

CVSS 6.9 | AI score 7 | EPSS 0.00095

CVE
added 2020/09/04 3:15 a.m. | 52 views

CVE-2020-3473

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups within ...

CVSS 7.8 | AI score 7.8 | EPSS 0.00043

CVE
added 2021/02/04 5:15 p.m. | 52 views

CVE-2021-1389

A vulnerability in the IPv6 traffic processing of Cisco IOS XR Software and Cisco NX-OS Software for certain Cisco devices could allow an unauthenticated, remote attacker to bypass an IPv6 access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due ...

CVSS 6.5 | AI score 6.1 | EPSS 0.00281

CVE
added 2021/02/04 5:15 p.m. | 51 views

CVE-2021-1313

Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS 8.6 | AI score 8.1 | EPSS 0.00596

CVE
added 2021/09/09 5:15 a.m. | 51 views

CVE-2021-34709

Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code ...

CVSS 6.9 | AI score 6.6 | EPSS 0.00024

CVE
added 2014/09/12 1:55 a.m. | 50 views

CVE-2014-3342

The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383.

CVSS 4 | AI score 5.9 | EPSS 0.00238

CVE
added 2021/09/09 5:15 a.m. | 50 views

CVE-2021-34722

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section ...

CVSS 7.2 | AI score 7 | EPSS 0.00089

CVE
added 2024/03/13 5:15 p.m. | 50 views

CVE-2024-20327

A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability is...

CVSS 7.4 | AI score 7.3 | EPSS 0.00077

CVE
added 2021/02/04 5:15 p.m. | 49 views

CVE-2021-1370

A vulnerability in a CLI command of Cisco IOS XR Software for the Cisco 8000 Series Routers and Network Convergence System 540 Series Routers running NCS540L software images could allow an authenticated, local attacker to elevate their privilege to root. To exploit this vulnerability, an attacker w...

CVSS 7.8 | AI score 7.7 | EPSS 0.00077

CVE
added 2021/09/09 5:15 a.m. | 49 views

CVE-2021-34737

A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly ...

CVSS 7.5 | AI score 6.5 | EPSS 0.00419

Total number of security vulnerabilities: 85