Search Results (6788 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-1448 1 Cisco 1 Webex Meetings Server 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.7 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuy92706.
CVE-2016-1476 1 Cisco 2 Ip Phone 8800, Ip Phone 8800 Series Firmware 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024.
CVE-2015-6418 1 Cisco 7 Rv016 Multi-wan Vpn Firmware, Rv042 Dual Wan Vpn Router Firmware, Rv042g Dual Gigabit Wan Vpn Firmware and 4 more 2025-04-12 N/A
The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS key pair via unspecified computations upon handshake key-exchange data, aka Bug ID CSCus15224.
CVE-2016-1437 1 Cisco 1 Prime Collaboration Deployment 2025-04-12 N/A
SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy92549.
CVE-2016-1430 1 Cisco 4 Rv180 Vpn Router, Rv180 Vpn Router Firmware, Rv180w Vpn Router and 1 more 2025-04-12 N/A
Cisco RV180 and RV180W devices allow remote authenticated users to execute arbitrary commands as root via a crafted HTTP request, aka Bug ID CSCuz48592.
CVE-2016-1423 1 Cisco 1 Email Security Appliance 2025-04-12 N/A
A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could be used to facilitate a cross-site scripting (XSS) or HTML injection attack. More Information: CSCuz02235. Known Affected Releases: 8.0.2-069. Known Fixed Releases: 9.1.1-038 9.7.2-047.
CVE-2016-1415 1 Cisco 1 Webex Wrf Player T29 2025-04-12 N/A
Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455.
CVE-2016-1474 1 Cisco 1 Prime Infrastructure 2025-04-12 N/A
Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuw65846, a different vulnerability than CVE-2015-6434.
CVE-2016-1386 1 Cisco 1 Application Policy Infrastructure Controller Enterprise Module 2025-04-12 N/A
The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521.
CVE-2016-1442 1 Cisco 1 Prime Infrastructure 2025-04-12 N/A
The administrative web interface in Cisco Prime Infrastructure (PI) before 3.1.1 allows remote authenticated users to execute arbitrary commands via crafted field values, aka Bug ID CSCuy96280.
CVE-2016-1334 1 Cisco 1 Small Business Wireless Access Points Firmware 2025-04-12 N/A
Cisco Small Business 500 Wireless Access Point devices with firmware 1.0.4.4 allow remote attackers to set the system time via a crafted POST request, aka Bug ID CSCuy01457.
CVE-2016-1473 1 Cisco 1 Small Business 220 Series Smart Plus Switches 2025-04-12 N/A
Cisco Small Business 220 devices with firmware before 1.0.1.1 have a hardcoded SNMP community, which allows remote attackers to read or modify SNMP objects by leveraging knowledge of this community, aka Bug ID CSCuz76216.
CVE-2015-0617 1 Cisco 1 Asr 5000 Series Software 2025-04-12 N/A
Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices allow remote attackers to cause a denial of service (CPU consumption and SNMP outage) via malformed SNMP packets, aka Bug ID CSCur13393.
CVE-2016-1313 1 Cisco 1 Ucs Invicta C3124sa Appliance 2025-04-12 N/A
Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to obtain root access via unspecified vectors, aka Bug ID CSCun71294.
CVE-2016-1304 1 Cisco 1 Unity Connection 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596.
CVE-2016-1471 1 Cisco 1 Small Business 220 Series Smart Plus Switches 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz76232.
CVE-2016-1470 1 Cisco 1 Small Business 220 Series Smart Plus Switches 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuz76230.
CVE-2015-4266 1 Cisco 1 Identity Services Engine Software 2025-04-12 N/A
The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCut04556.
CVE-2014-2197 1 Cisco 2 Unified Cdm Application Software, Unified Communications Domain Manager 2025-04-12 N/A
The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862.
CVE-2014-8002 1 Cisco 1 Openh264 2025-04-12 N/A
Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file.