Vulnerabilities (CVE)

4168 total CVE
CVE Vendors Products Updated CVSS
CVE-2002-2316 1 Cisco 1 Catos 2008-09-05 5.0
Cisco Catalyst 4000 series switches running CatOS 5.5.5, 6.3.5, and 7.1.2 do not always learn MAC addresses from a single initial packet, which causes unicast traffic to be broadcast across the switch and allows remote attackers to obtain...
CVE-2002-2315 1 Cisco 1 Ios 2008-09-05 7.8
Cisco IOS 11.2.x and 12.0.x does not limit the size of its redirect table, which allows remote attackers to cause a denial of service (memory consumption) via spoofed ICMP redirect packets to the router.
CVE-2002-2053 1 Cisco 1 Ios 2008-09-05 5.0
The design of the Hot Standby Routing Protocol (HSRP), as implemented on Cisco IOS 12.1, when using IRPAS, allows remote attackers to cause a denial of service (CPU consumption) via a router with the same IP address as the interface on which HSRP...
CVE-2002-2052 1 Cisco 1 Ios 2008-09-05 5.0
Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, allows remote attackers to cause a denial of service via port scans such as (1) scanning all ports on a single host and (2) scanning a network of hosts for a single open port...
CVE-2002-2037 1 Cisco 5 Sc2200, Bams, Pgw 2200 and 2 more 2008-09-05 5.0
The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and earlier, (2) VSC3000 9.1 and earlier, (3) PGW 2200 9.1 and earlier, (4) Billing and Management Server (BAMS) and (5) Voice Services Provisioning Tool (VSPT) runs on default...
CVE-2002-1492 1 Cisco 1 Vpn 5000 Client 2008-09-05 7.2
Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, and VPN 5000 Client before 5.2.8 for Solaris, allow local users to gain root privileges via (1) close_tunnel and (2) open_tunnel.
CVE-2002-1491 1 Cisco 1 Vpn 5000 Client 2008-09-05 5.0
The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most recently used login password in plaintext when saving "Default Connection" settings, which could allow local users to gain privileges.
CVE-2002-1447 1 Cisco 1 Vpn Client 2008-09-05 7.2
Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument.
CVE-2002-0938 1 Cisco 1 Secure Access Control Server 2008-09-05 7.5
Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe.
CVE-2002-0908 1 Cisco 1 Ids Device Manager 2008-09-05 5.0
Directory traversal vulnerability in the web server for Cisco IDS Device Manager before 3.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTPS request.
CVE-2002-0870 1 Cisco 2 Webns, Content Services Switch 11000 2008-09-05 7.5
The original patch for the Cisco Content Service Switch 11000 Series authentication bypass vulnerability (CVE-2001-0622) was incomplete, which still allows remote attackers to gain additional privileges by directly requesting the web management...
CVE-2002-0792 1 Cisco 2 Webns, Content Services Switch 11000 2008-09-05 5.0
The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data.
CVE-2002-0769 1 Cisco 1 Ata-186 2008-09-05 6.4
The web-based configuration interface for the Cisco ATA 186 Analog Telephone Adaptor allows remote attackers to bypass authentication via an HTTP POST request with a single byte, which allows the attackers to (1) obtain the password from the...
CVE-2002-0545 1 Cisco 2 Aironet Ap340, Aironet Ap350 2008-09-05 5.0
Cisco Aironet before 11.21 with Telnet enabled allows remote attackers to cause a denial of service (reboot) via a series of login attempts with invalid usernames and passwords.
CVE-2002-0505 1 Cisco 1 Call Manager 2008-09-05 5.0
Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. via...
CVE-2002-0339 1 Cisco 1 Ios 2008-09-05 5.0
Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enabled includes portions of previous packets in the padding of a MAC level packet when the MAC packet's length is less than the IP level packet length.
CVE-2002-0241 1 Cisco 1 Secure Access Control Server 2008-09-05 7.5
NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server.
CVE-2002-0225 1 Cisco 1 Tacacs+ 2008-09-05 4.6
tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, creates files from the accounting directive with world-readable and writable permissions, which allows local users to access and modify sensitive files.
CVE-2001-0866 1 Cisco 1 12000 Router 2008-09-05 7.5
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended...
CVE-2001-0288 1 Cisco 1 Ios 2008-09-05 7.5
Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.