CVE Daily
← All tags

Tag: Apple iOS

All CVEs associated with "Apple iOS". Page 47/48 • 5688 CVEs.

Subscribe CVEs: RSS for “Apple iOS”  ·  RSS (High+Critical only)

About “Apple iOS”

A curated feed of “Apple iOS”-related CVEs appears below. We currently track 5688 CVEs for this tag (all time). In the last 365 days, 502 were published. Average CVSS is 6.7 (all time; 6.3 over 365d), and 48% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-284 - Improper Access Control, CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2009-08-19
Medium

CVE-2009-2055

Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.

CVSS: 5.9 CWE: CWE-20 - Improper Input Validation View on NVD
2009-07-30
Medium

CVE-2009-2049

Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1 through 12.2(33)SXI2, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XN…

CVSS: 5.4 CWE: CWE-16 View on NVD
High

CVE-2009-1168

Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; a…

CVSS: 7.1 CWE: CWE-399 View on NVD
2009-03-27
High

CVE-2009-0637

The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an a…

CVSS: 7.1 CWE: CWE-264 View on NVD
High

CVE-2009-0636

Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP voice services are enabled, allows remote attackers to cause a denial of service (device crash) via a valid SIP message.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2009-0635

Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of servic…

CVSS: 7.1 CWE: CWE-399 View on NVD
High

CVE-2009-0634

Multiple unspecified vulnerabilities in the home agent (HA) implementation in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attacke…

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2009-0633

Multiple unspecified vulnerabilities in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input…

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2009-0630

The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway Signaling Support Over Transport Layer Security (TLS) Transport; (3) Secure Signaling and Media Encryption; (4) Blocks Extensible…

CVSS: 7.1 CWE: N/A View on NVD
Medium

CVE-2009-0629

The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (…

CVSS: 5.4 CWE: N/A View on NVD
Critical

CVE-2009-0628

Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (memory consumption and device crash) by disconnecting an SSL session in an abnor…

CVSS: 9.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2009-0626

The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet.

CVSS: 7.8 CWE: CWE-399 View on NVD
High

CVE-2009-0631

Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when configured with (1) IP Service Level Agreements (SLAs) Responder, (2) Session Initiation Protocol (SIP), (3) H.323 Annex E Call Signalin…

CVSS: 7.8 CWE: N/A View on NVD
2009-02-06
Medium

CVE-2009-0471

Cross-site request forgery (CSRF) vulnerability in the HTTP server in Cisco IOS 12.4(23) allows remote attackers to execute arbitrary commands, as demonstrated by executing the hostname command with…

CVSS: 6.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2009-0470

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2009-01-16
Medium

CVE-2008-3821

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the pin…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2008-11-06
High

CVE-2008-4963

Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implementation on Cisco IOS and CatOS, when the VTP operating mode is not transparent, allows remote attackers to cause a denial of servi…

CVSS: 7.1 CWE: N/A View on NVD
2008-09-26
High

CVE-2008-3813

Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mgmt daemon process is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted L2TP packet.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2008-3812

Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) with HTTP Deep Packet Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a malforme…

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2008-3811

Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP message…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2008-3810

Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP message…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2008-3809

Cisco IOS 12.0 through 12.4 on Gigabit Switch Router (GSR) devices (aka 12000 Series routers) allows remote attackers to cause a denial of service (device crash) via a malformed Protocol Independent…

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2008-3808

Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted Protocol Independent Multicast (PIM) packet.

CVSS: 7.8 CWE: N/A View on NVD
Critical

CVE-2008-3807

Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecard redundancy is configured, enables a read/write SNMP service with "private" as the community, which allows remote attackers to o…

CVSS: 9.3 CWE: N/A View on NVD
High

CVE-2008-3806

Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, w…

CVSS: 8.5 CWE: N/A View on NVD
High

CVE-2008-3805

Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, w…

CVSS: 8.5 CWE: N/A View on NVD
High

CVE-2008-3804

Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (memory corrupti…

CVSS: 7.1 CWE: N/A View on NVD
Medium

CVE-2008-3803

A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with extended communities is configured, sometimes causes a corrupted route target (RT) to be used, whi…

CVSS: 5.1 CWE: N/A View on NVD
High

CVE-2008-3802

Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (device…

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2008-3801

Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows re…

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2008-3800

Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows re…

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2008-3799

Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption a…

CVSS: 7.8 CWE: CWE-772 - Missing Release of Resource after Effective Lifetime View on NVD
High

CVE-2008-3798

Cisco IOS 12.4 allows remote attackers to cause a denial of service (device crash) via a normal, properly formed SSL packet that occurs during termination of an SSL session.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2008-2739

The SERVICE.DNS signature engine in the Intrusion Prevention System (IPS) in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device crash or hang) via network traffic th…

CVSS: 7.8 CWE: N/A View on NVD
2008-09-18
Critical

CVE-2008-4128

Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary com…

CVSS: 9.3 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2008-06-10
Critical

CVE-2008-0960

SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 th…

CVSS: 10.0 CWE: CWE-287 - Improper Authentication View on NVD
2008-05-22
High

CVE-2008-1159

Multiple unspecified vulnerabilities in the SSH server in Cisco IOS 12.4 allow remote attackers to cause a denial of service (device restart) via unknown vectors, aka Bug ID (1) CSCsk42419, (2) CSCsk…

CVSS: 7.1 CWE: N/A View on NVD
2008-03-27
High

CVE-2008-1150

The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the…

CVSS: 7.1 CWE: CWE-399 View on NVD
High

CVE-2008-1151

Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, r…

CVSS: 7.1 CWE: CWE-399 View on NVD
High

CVE-2008-1152

The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2…

CVSS: 7.8 CWE: CWE-399 View on NVD
High

CVE-2008-1153

Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a cr…

CVSS: 7.1 CWE: N/A View on NVD
Medium

CVE-2008-1156

Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core…

CVSS: 5.1 CWE: CWE-16 View on NVD
2007-10-23
High

CVE-2007-5651

Unspecified vulnerability in the Extensible Authentication Protocol (EAP) implementation in Cisco IOS 12.3 and 12.4 on Cisco Access Points and 1310 Wireless Bridges (Wireless EAP devices), IOS 12.1 a…

CVSS: 7.1 CWE: N/A View on NVD
2007-10-18
Medium

CVE-2007-5547

Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote attackers to inject arbitrary web script or HTML, and execute IOS commands, via unspecified vectors, aka PSIRT-2022590358. NOTE: a…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2007-5548

Multiple stack-based buffer overflows in Command EXEC in Cisco IOS allow local users to gain privileges via unspecified vectors, aka (1) PSIRT-0474975756 and (2) PSIRT-0388256465. NOTE: as of 200710…

CVSS: 6.9 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Low

CVE-2007-5549

Unspecified vulnerability in Command EXEC in Cisco IOS allows local users to bypass command restrictions and obtain sensitive information via an unspecified "variation of an IOS command" involving "t…

CVSS: 2.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2007-5550

Unspecified vulnerability in Cisco IOS allows remote attackers to obtain the IOS version via unspecified vectors involving a "common network service", aka PSIRT-1255024833. NOTE: as of 20071016, the…

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2007-5551

Off-by-one error in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow. NOTE: as of 20071016, the only disclosure is a vagu…

CVSS: 7.1 CWE: N/A View on NVD
Critical

CVE-2007-5552

Integer overflow in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable informat…

CVSS: 9.3 CWE: CWE-189 View on NVD
2007-10-12
Critical

CVE-2007-5381

Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco IOS before 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6 allow remote attackers to execute arbitrary code by setting a long hostname on…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-08-31
Medium

CVE-2007-4632

Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabl…

CVSS: 4.3 CWE: CWE-287 - Improper Authentication View on NVD
2007-08-20
Medium

CVE-2007-4430

Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
2007-08-09
Critical

CVE-2007-4285

Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to obtain sensitive information (partial packet…

CVSS: 9.0 CWE: N/A View on NVD
Critical

CVE-2007-4286

Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (restart) and execute arbitrary code via a…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4291

Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service via (1) a malformed MGCP packet, which causes a device hang, aka CSCsf08998; a malformed H.323 packet, which causes a…

CVSS: 7.1 CWE: N/A View on NVD
Critical

CVE-2007-4292

Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote attackers to cause a denial of service (device crash) via a malformed SIP packet, aka (1) CSCsf11855, (2) CSCeb21064, (3) CSCse40276,…

CVSS: 9.3 CWE: N/A View on NVD
High

CVE-2007-4293

Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device crash) via (1) "abnormal" MGCP messages, aka CSCsd81407; and (2) a large facsimile packet, aka CSCej20505.

CVSS: 7.1 CWE: N/A View on NVD
Medium

CVE-2007-4294

Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, ak…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2007-4295

Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80749.

CVSS: 6.8 CWE: N/A View on NVD
2007-08-08
High

CVE-2007-4263

Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's fil…

CVSS: 8.5 CWE: N/A View on NVD
2007-05-22
High

CVE-2007-2813

Cisco IOS 12.4 and earlier, when using the crypto packages and SSL support is enabled, allows remote attackers to cause a denial of service via a malformed (1) ClientHello, (2) ChangeCipherSpec, or (…

CVSS: 7.8 CWE: N/A View on NVD
2007-05-16
High

CVE-2007-2688

The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attack…

CVSS: 7.8 CWE: N/A View on NVD
2007-05-10
Critical

CVE-2007-2586

The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-conf…

CVSS: 9.3 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2007-2587

The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote authenticated users to cause a denial of service (IOS reload) via unspecified vectors involving transferring files (aka bug ID CSCse292…

CVSS: 6.3 CWE: N/A View on NVD
2007-03-03
Medium

CVE-2007-1258

Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote att…

CVSS: 6.1 CWE: N/A View on NVD
2007-02-14
Medium

CVE-2007-0917

The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets.

CVSS: 6.4 CWE: N/A View on NVD
High

CVE-2007-0918

The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash…

CVSS: 7.1 CWE: N/A View on NVD
2007-02-01
High

CVE-2007-0648

Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by…

CVSS: 7.8 CWE: N/A View on NVD
2007-01-25
High

CVE-2007-0479

Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x allows remote attackers to cause a denial of service by sending crafted TCP traffic to an IPv4 address on the IOS device.

CVSS: 7.8 CWE: N/A View on NVD
Critical

CVE-2007-0480

Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x allows remote attackers to cause a denial of service or execute arbitrary code via a crafted IP option in the IP header in a (1)…

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2007-0481

Cisco IOS allows remote attackers to cause a denial of service (crash) via a crafted IPv6 Type 0 Routing header.

CVSS: 7.8 CWE: N/A View on NVD
2007-01-11
Medium

CVE-2007-0199

The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabi…

CVSS: 5.0 CWE: N/A View on NVD
2007-01-09
High

CVE-2007-0116

Digger Solutions Intranet Open Source (IOS) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords…

CVSS: 7.5 CWE: N/A View on NVD
2006-09-23
Critical

CVE-2006-4950

Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge R…

CVSS: 10.0 CWE: N/A View on NVD
2006-09-14
High

CVE-2006-4774

The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to cause a denial of service by sending a VTP version 1 summary frame with a VTP version field value of 2.

CVSS: 7.8 CWE: CWE-399 View on NVD
High

CVE-2006-4775

The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and CatOS allows remote attackers to cause a denial of service by sending a VTP update with a revision value of 0x7FFFFFFF, which is inc…

CVSS: 7.8 CWE: CWE-399 View on NVD
High

CVE-2006-4776

Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to execute arbitrary code via a long VLAN name in a VTP type 2 summary advertiseme…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2006-09-09
Low

CVE-2006-4650

Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an in…

CVSS: 2.6 CWE: N/A View on NVD
2006-08-09
Medium

CVE-2006-4032

Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certa…

CVSS: 5.0 CWE: N/A View on NVD
2006-07-27
Medium

CVE-2006-3906

Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via…

CVSS: 5.0 CWE: N/A View on NVD
2006-07-18
High

CVE-2006-3595

The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary pri…

CVSS: 7.5 CWE: N/A View on NVD
2006-06-28
Critical

CVE-2006-3291

The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Indiv…

CVSS: 9.3 CWE: CWE-16 View on NVD
2006-04-20
Medium

CVE-2006-1927

Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 or Cisco 12000 series routers, allows remote attackers to cause a denial of service (Line card crash…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-1928

Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 routers, allows remote attackers to cause a denial of service (Modular Services Cards (MSC) crash or…

CVSS: 5.0 CWE: N/A View on NVD
2006-02-01
Medium

CVE-2006-0485

The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S before 12.2(18)S11, and certain other releases before 25 January 2006 does not perform Authentication, Authorization, and Accounting…

CVSS: 4.6 CWE: N/A View on NVD
Medium

CVE-2006-0486

Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different l…

CVSS: 4.6 CWE: N/A View on NVD
2006-01-22
Medium

CVE-2006-0354

Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections)…

CVSS: 5.5 CWE: CWE-399 View on NVD
2006-01-21
High

CVE-2006-0340

Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisco IOS 12.0 through 12.4 running on various Cisco products, when SGBP is enabled, allows remote attackers on the local n…

CVSS: 7.1 CWE: CWE-20 - Improper Input Validation View on NVD
2005-12-31
High

CVE-2005-4822

SQL injection vulnerability in projects/project-edit.asp in Digger Solutions Intranet Open Source (IOS) version 2.7.2 allows remote attackers to execute arbitrary SQL commands via the project_id para…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-4826

Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a cr…

CVSS: 6.1 CWE: N/A View on NVD
2005-12-21
High

CVE-2005-4436

Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS after 12.3(2), 12.3(3)B, and 12.3(2)T and other products, allows remote attackers to cause a denial of service by s…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2005-4437

MD5 Neighbor Authentication in Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS 11.3 and later, does not include the Message Authentication Code (MAC) in the checks…

CVSS: 7.5 CWE: N/A View on NVD
2005-11-30
Low

CVE-2005-3921

Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator v…

CVSS: 2.6 CWE: N/A View on NVD
2005-11-03
Critical

CVE-2005-3481

Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitrary code via a heap-based buffer overflow in system timers. NOTE: this issue does not correspond to a specific vulnerability, rath…

CVSS: 9.3 CWE: N/A View on NVD
2005-11-02
Low

CVE-2005-3427

The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit port field values while generating the Cisco IOS IPS configuration file, wich can cause some signatures to be disabled and makes…

CVSS: 2.1 CWE: N/A View on NVD
2005-09-08
High

CVE-2005-2841

Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of servic…

CVSS: 7.5 CWE: N/A View on NVD
2005-08-03
Low

CVE-2005-2451

Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary co…

CVSS: 2.1 CWE: N/A View on NVD
2005-07-05
High

CVE-2005-2105

Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username.

CVSS: 7.5 CWE: N/A View on NVD
2005-05-02
Medium

CVE-2005-0195

Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a denial of service (device restart) via a crafted IPv6 packet.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0196

Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp log-neighbor-changes command, allows remote attackers to cause a denial of service (device reload) via a malformed BGP packet.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0197

Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted pac…

CVSS: 6.1 CWE: CWE-16 View on NVD
High

CVE-2005-1020

Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to…

CVSS: 7.1 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2005-1021

Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorr…

CVSS: 7.1 CWE: CWE-399 View on NVD
High

CVE-2005-1057

Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH version 6 authentication, allows remote attackers to bypass authentication via a "malformed packet."

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2005-1058

Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifi…

CVSS: 7.5 CWE: N/A View on NVD
2005-01-19
Medium

CVE-2005-0186

Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a…

CVSS: 5.0 CWE: N/A View on NVD
2005-01-10
Medium

CVE-2004-1111

Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW, and other versions without the "no service dhcp" command, keep undeliverable DHCP packets in the queue ins…

CVSS: 5.0 CWE: N/A View on NVD
2004-12-31
Medium

CVE-2004-1464

Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.

CVSS: 5.9 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2004-1454

Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) enabled, allows remote attackers to cause a denial of service (device reload) via a malformed OSPF packet.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2004-1775

Cisco VACM (View-based Access Control MIB) for Catalyst Operating Software (CatOS) 5.5 and 6.1 and IOS 12.0 and 12.1 allows remote attackers to read and modify device configuration via the read-write…

CVSS: 5.0 CWE: N/A View on NVD
2004-08-06
Medium

CVE-2004-0589

Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when configured for BGP routing, allows remote attackers to cause a denial of service (device reload) via malformed BGP (1) OPEN or (2)…

CVSS: 4.3 CWE: N/A View on NVD
2004-07-27
Medium

CVE-2004-0710

IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Routers running IOS before 12.2(17b)SXA, before 12.2(17d)SXB, or before 12.2(14)SY03 co…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2004-0714

Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts to process SNMP solicited operations on improper ports (UDP 162 and a randomly chosen UDP port), which allows remote attackers t…

CVSS: 5.0 CWE: N/A View on NVD
2004-02-17
High

CVE-2004-0054

Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrate…

CVSS: 7.5 CWE: N/A View on NVD
2003-12-31
High

CVE-2003-1109

The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote at…

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2003-1398

Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification).

CVSS: 9.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2003-08-27
Medium

CVE-2003-0511

The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allow remote attackers to cause a denial of service (reload) via a malformed URL.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2003-0512

Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on…

CVSS: 5.0 CWE: CWE-310 View on NVD
High

CVE-2003-0647

Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request.

CVSS: 7.5 CWE: N/A View on NVD
2003-08-18
High

CVE-2003-0567

Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the i…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD