Filtered by vendor Cisco
Subscriptions
Filtered by product Ios Xe
Subscriptions
Total
541 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-0640 | 1 Cisco | 1 Ios Xe | 2025-04-12 | N/A |
| The high-speed logging (HSL) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via large IP packets that require NAT and HSL processing after fragmentation, aka Bug ID CSCuo25741. | ||||
| CVE-2015-0646 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | N/A |
| Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted TCP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum94811. | ||||
| CVE-2015-6267 | 1 Cisco | 8 Asr 1001, Asr 1001-x, Asr 1002 and 5 more | 2025-04-12 | N/A |
| Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted L2TP packet, aka Bug IDs CSCsw95722 and CSCsw95496. | ||||
| CVE-2016-6450 | 1 Cisco | 1 Ios Xe | 2025-04-12 | N/A |
| A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are running a vulnerable release of Cisco IOS XE Software: Cisco 5700 Series Wireless LAN Controllers, Cisco Catalyst 3650 Series Switches, Cisco Catalyst 3850 Series Switches, Cisco Catalyst 4500E Series Switches, Cisco Catalyst 4500X Series Switches. More Information: CSCva60013 CSCvb22622. Known Affected Releases: 3.7(0) 16.4.1 Denali-16.1.3 Denali-16.2.2 Denali-16.3.1. Known Fixed Releases: 15.2(4)E3 16.1(2.208) 16.2(2.42) 16.3(1.22) 16.4(0.190) 16.5(0.29). | ||||
| CVE-2016-6441 | 1 Cisco | 1 Ios Xe | 2025-04-12 | N/A |
| A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affected system. This vulnerability affects Cisco ASR 900 Series Aggregation Services Routers (ASR902, ASR903, and ASR907) that are running the following releases of Cisco IOS XE Software: 3.17.0S 3.17.1S 3.17.2S 3.18.0S 3.18.1S. More Information: CSCuy15175. Known Affected Releases: 15.6(1)S 15.6(2)S. Known Fixed Releases: 15.6(1)S2.12 15.6(1.17)S0.41 15.6(1.17)SP 15.6(2)SP 16.4(0.183) 16.5(0.10). | ||||
| CVE-2016-6393 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | 7.5 High |
| The AAA service in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.1 through 3.18 and 16.2 allows remote attackers to cause a denial of service (device reload) via a failed SSH connection attempt that is mishandled during generation of an error-log message, aka Bug ID CSCuy87667. | ||||
| CVE-2014-3405 | 1 Cisco | 1 Ios Xe | 2025-04-12 | N/A |
| Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces, which allows remote attackers to conduct route-injection attacks via crafted RPL advertisements on an ANI interface, aka Bug ID CSCuq22673. | ||||
| CVE-2016-6380 | 1 Cisco | 6 Ios, Ios Xe, Ios Xe 3.2ja and 3 more | 2025-04-12 | N/A |
| The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.15 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (data corruption or device reload) via a crafted DNS response, aka Bug ID CSCup90532. | ||||
| CVE-2014-3284 | 1 Cisco | 9 Asr 1001, Asr 1002, Asr 1002-x and 6 more | 2025-04-12 | N/A |
| Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180. | ||||
| CVE-2014-7990 | 1 Cisco | 4 Air-ct5760, Ios Xe, Ws-c3850 and 1 more | 2025-04-12 | N/A |
| Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the "request system shell" challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815. | ||||
| CVE-2015-0681 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | N/A |
| The TFTP server in Cisco IOS 12.2(44)SQ1, 12.2(33)XN1, 12.4(25e)JAM1, 12.4(25e)JAO5m, 12.4(23)JY, 15.0(2)ED1, 15.0(2)EY3, 15.1(3)SVF4a, and 15.2(2)JB1 and IOS XE 2.5.x, 2.6.x, 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, and 3.5.xS before 3.6.0S; 3.1.xSG, 3.2.xSG, and 3.3.xSG before 3.4.0SG; 3.2.xSE before 3.3.0SE; 3.2.xXO before 3.3.0XO; 3.2.xSQ; 3.3.xSQ; and 3.4.xSQ allows remote attackers to cause a denial of service (device hang or reload) via multiple requests that trigger improper memory management, aka Bug ID CSCts66733. | ||||
| CVE-2015-6273 | 1 Cisco | 8 Asr 1001, Asr 1001-x, Asr 1002 and 5 more | 2025-04-12 | N/A |
| Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a denial of service (Embedded Services Processor crash) via crafted IP packets, aka Bug IDs CSCtf87624, CSCte93229, CSCtd19103, and CSCti63623. | ||||
| CVE-2013-6981 | 1 Cisco | 1 Ios Xe | 2025-04-11 | N/A |
| Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709. | ||||
| CVE-2012-3949 | 1 Cisco | 3 Ios, Ios Xe, Unified Communications Manager | 2025-04-11 | N/A |
| The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664. | ||||
| CVE-2013-6979 | 1 Cisco | 1 Ios Xe | 2025-04-11 | N/A |
| The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source IP address, aka Bug ID CSCuj90227. | ||||
| CVE-2013-5478 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-11 | N/A |
| Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023. | ||||
| CVE-2012-0384 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-11 | 7.2 High |
| Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended access restrictions and execute commands via a (1) HTTP or (2) HTTPS session, aka Bug ID CSCtr91106. | ||||
| CVE-2013-6705 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-11 | N/A |
| The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133. | ||||
| CVE-2013-6704 | 1 Cisco | 1 Ios Xe | 2025-04-11 | N/A |
| Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686. | ||||
| CVE-2012-4617 | 1 Cisco | 3 Ios, Ios Xe, Ios Xr | 2025-04-11 | N/A |
| The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service (multiple connection resets) by leveraging a peer relationship and sending a malformed attribute, aka Bug IDs CSCtt35379, CSCty58300, CSCtz63248, and CSCtz62914. | ||||