Export limit exceeded: 345363 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10319 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (6756 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-2546 | 1 Cisco | 4 Sa500 Software, Sa520, Sa520w and 1 more | 2025-04-11 | N/A |
| SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtq65669. | ||||
| CVE-2011-2545 | 1 Cisco | 18 Spa2102 Phone Adapter With Router, Spa2102 Phone Adapter With Router Firmware, Spa3102 Voice Gateway With Router and 15 more | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715. | ||||
| CVE-2011-2544 | 1 Cisco | 3 Telepresence Mxp Software, Telepresence System 1000 Mxp, Telepresence System 1700 Mxp | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488. | ||||
| CVE-2011-2543 | 1 Cisco | 4 Telepresence C Series Software, Telepresence Codec C40, Telepresence Codec C60 and 1 more | 2025-04-11 | N/A |
| Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allows remote authenticated users to cause a denial of service (endpoint reboot or process crash) or possibly execute arbitrary code via a long location parameter to the getxml program, aka Bug ID CSCtq46496. | ||||
| CVE-2011-2395 | 1 Cisco | 1 Ios | 2025-04-11 | N/A |
| The Neighbor Discovery (ND) protocol implementation in Cisco IOS on unspecified switches allows remote attackers to bypass the Router Advertisement Guarding functionality via a fragmented IPv6 packet in which the Router Advertisement (RA) message is contained in the second fragment, as demonstrated by (1) a packet in which the first fragment contains a long Destination Options extension header or (2) a packet in which the first fragment contains an ICMPv6 Echo Request message. | ||||
| CVE-2011-2072 | 1 Cisco | 3 Ios, Ios Xe, Unified Communications Manager | 2025-04-11 | N/A |
| Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and 8.6 before 8.6(1) allows remote attackers to cause a denial of service (memory consumption and device reload or process failure) via a malformed SIP message, aka Bug IDs CSCtl86047 and CSCto88686. | ||||
| CVE-2011-2064 | 1 Cisco | 2 Content Services Gateway Second Generation, Ios | 2025-04-11 | N/A |
| Cisco IOS 12.4MDA before 12.4(24)MDA5 on the Cisco Content Services Gateway - Second Generation (CSG2) allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets, aka Bug ID CSCtl79577. | ||||
| CVE-2011-2060 | 1 Cisco | 2 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software | 2025-04-11 | N/A |
| The platform-sw component on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 before 8.2(5.3), 8.3 before 8.3(2.20), and 8.4 before 8.4(2.1) does not properly handle non-ASCII characters in an interface description, which allows local users to cause a denial of service (reload without configuration) via a crafted description, aka Bug ID CSCtq50523. | ||||
| CVE-2011-2058 | 1 Cisco | 1 Ios | 2025-04-11 | 7.5 High |
| The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle an external loop between a pair of dot1x enabled ports, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors that trigger many unicast EAPoL Protocol Data Units (PDUs), aka Bug ID CSCtq36336. | ||||
| CVE-2011-2057 | 1 Cisco | 1 Ios | 2025-04-11 | 7.5 High |
| The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle (1) a loop between a dot1x enabled port and an open-authentication dot1x enabled port and (2) a loop between a dot1x enabled port and a non-dot1x port, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors that trigger many Spanning Tree Protocol (STP) Bridge Protocol Data Unit (BPDU) frames, aka Bug ID CSCtq36327. | ||||
| CVE-2011-2042 | 1 Cisco | 1 Ciscoworks Common Services | 2025-04-11 | N/A |
| The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and database port via an unspecified request to UDP port 2638, aka Bug ID CSCsk35018. | ||||
| CVE-2011-2041 | 2 Cisco, Microsoft | 3 Anyconnect Secure Mobility Client, Windows, Windows Mobile | 2025-04-11 | N/A |
| The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556. | ||||
| CVE-2011-2040 | 3 Apple, Cisco, Linux | 3 Mac Os X, Anyconnect Secure Mobility Client, Linux Kernel | 2025-04-11 | N/A |
| The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a Java applet, aka Bug ID CSCsy05934. | ||||
| CVE-2014-0739 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-11 | N/A |
| Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass sec_db authentication and provide certain pass-through services to untrusted devices via a crafted configuration-file TFTP request, aka Bug ID CSCuj66766. | ||||
| CVE-2011-2039 | 2 Cisco, Microsoft | 3 Anyconnect Secure Mobility Client, Windows, Windows Mobile | 2025-04-11 | N/A |
| The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904. | ||||
| CVE-2014-0738 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-11 | N/A |
| The Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66770. | ||||
| CVE-2014-0737 | 1 Cisco | 1 Unified Ip Phone 7960g | 2025-04-11 | N/A |
| The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66795. | ||||
| CVE-2011-2024 | 1 Cisco | 1 Cns Network Registrar | 2025-04-11 | N/A |
| Cisco Network Registrar before 7.2 has a default administrative password, which makes it easier for remote attackers to obtain access via a TCP session, aka Bug ID CSCsm50627. | ||||
| CVE-2014-0736 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468. | ||||
| CVE-2014-0735 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470. | ||||