Search Results (6788 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-2561 1 Cisco 1 Unified Communications Manager 2025-04-11 N/A
The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a Media Termination Point (MTP), which allows remote attackers to cause a denial of service (service outage) via a crafted call, aka Bug ID CSCtc61990.
CVE-2011-2678 2 Cisco, Microsoft 2 Vpn Client, Windows 2025-04-11 N/A
The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression.
CVE-2011-3288 1 Cisco 1 Unified Presence 2025-04-11 7.5 High
Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug IDs CSCtq89842 and CSCtq88547, a similar issue to CVE-2003-1564.
CVE-2011-3289 1 Cisco 1 Ios 2025-04-11 N/A
Cisco IOS 12.4 and 15.0 through 15.2 allows physically proximate attackers to bypass the No Service Password-Recovery feature and read the start-up configuration via unspecified vectors, aka Bug ID CSCtr97640.
CVE-2011-3290 1 Cisco 2 Identity Services Engine, Identity Services Engine Software 2025-04-11 N/A
Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via unknown vectors, aka Bug ID CSCts59135.
CVE-2011-3293 1 Cisco 1 Secure Access Control Server 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID CSCtr78143.
CVE-2011-3294 1 Cisco 2 Telepresence Video Communication Servers, Telepresence Video Communication Servers Software 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the login page in the administrative interface on Cisco TelePresence Video Communication Servers (VCS) with software before X7.0 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, aka Bug ID CSCts80342.
CVE-2011-3295 1 Cisco 1 Ios Xr 2025-04-11 N/A
The NETIO and IPV4_IO processes in Cisco IOS XR 3.8 through 4.1, as used in Cisco Carrier Routing System and other products, allow remote attackers to cause a denial of service (CPU consumption) via crafted network traffic, aka Bug ID CSCti59888.
CVE-2011-3296 1 Cisco 3 Catalyst 6500, Catalyst 7600, Firewall Services Module Software 2025-04-11 N/A
Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when IPv6 is used, allows remote attackers to cause a denial of service (memory corruption and module crash or hang) via vectors that trigger syslog message 302015, aka Bug ID CSCti83875.
CVE-2011-3297 1 Cisco 3 Catalyst 6500, Catalyst 7600, Firewall Services Module Software 2025-04-11 N/A
Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when certain authentication configurations are used, allows remote attackers to cause a denial of service (module crash) by making many authentication requests for network access, aka Bug ID CSCtn15697.
CVE-2011-3318 1 Cisco 4 Video Surveillance 2421, Video Surveillance 2500, Video Surveillance 2600 and 1 more 2025-04-11 N/A
Cisco Video Surveillance 2421 and 2500 series cameras with software 1.1.x and 2.x before 2.4.0 and Video Surveillance 2600 series cameras with software before 4.2.0-13 allow remote attackers to cause a denial of service (device reload) by sending crafted RTSP packets over TCP, aka Bug IDs CSCtj96312, CSCtj39462, and CSCtl80175.
CVE-2011-3319 1 Cisco 1 Webex Recording Format Player 2025-04-11 N/A
Buffer overflow in the WRF parsing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file.
CVE-2011-4014 1 Cisco 1 Wireless Control System Software 2025-04-11 N/A
The TAC Case Attachment tool in Cisco Wireless Control System (WCS) 7.0 allows remote authenticated users to read arbitrary files under webnms/Temp/ via unspecified vectors, aka Bug ID CSCtq86807.
CVE-2011-4015 1 Cisco 1 Ios 2025-04-11 N/A
Cisco IOS 15.2S allows remote attackers to cause a denial of service (interface queue wedge) via malformed UDP traffic on port 465, aka Bug ID CSCts48300.
CVE-2011-4016 1 Cisco 1 Ios 2025-04-11 N/A
The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when Point-to-Point Termination and Aggregation (PTA) and L2TP are used, allows remote attackers to cause a denial of service (device crash) via crafted network traffic, aka Bug ID CSCtf71673.
CVE-2011-4019 1 Cisco 2 Ios, Unified Communications Manager 2025-04-11 N/A
Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883.
CVE-2011-4022 1 Cisco 1 Intrusion Prevention System 2025-04-11 N/A
The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that exceed the configured limit, aka Bug ID CSCto51204.
CVE-2011-4023 1 Cisco 12 Nexus 2148t Fex Switch, Nexus 2224tp Fex Switch, Nexus 2232pp Fex Switch and 9 more 2025-04-11 N/A
Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682.
CVE-2011-4659 1 Cisco 2 Ip Video Phone E20, Telepresence E20 Software 2025-04-11 N/A
Cisco TelePresence Software before TE 4.1.1 on the Cisco IP Video Phone E20 has a default password for the root account after an upgrade to TE 4.1.0, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtw69889, a different vulnerability than CVE-2011-2555.
CVE-2012-0361 1 Cisco 1 Ip Communicator 2025-04-11 N/A
The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager (CUCM), which allows remote attackers to cause a denial of service via vectors that trigger (1) on hook and (2) off hook messages, as demonstrated by a Plantronics headset, aka Bug ID CSCti40315.