| ID: CVE-2011-4500 |
Title: The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware 2.00.05, when UPnP is enabled, configures the SOAP server to listen on the WAN port, which allows remote attackers to administer the firewall via SOAP requests. |
Type: Hardware |
Bulletins:
CVE-2011-4500 |
Severity: High |
| Description: The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware 2.00.05, when UPnP is enabled, configures the SOAP server to listen on the WAN port, which allows remote attackers to administer the firewall via SOAP requests. | ||||
| Applies to: wrt54gx |
Created: 2011-11-22 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-4499 |
Title: The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish... |
Type: Hardware |
Bulletins:
CVE-2011-4499 |
Severity: High |
| Description: The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. | ||||
| Applies to: wrt54g wrt54gs |
Created: 2011-11-22 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3440 |
Title: The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation. |
Type: Mobile Devices |
Bulletins:
CVE-2011-3440 |
Severity: Low |
| Description: The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation. | ||||
| Applies to: |
Created: 2011-11-11 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3442 |
Title: The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app. |
Type: Mobile Devices |
Bulletins:
CVE-2011-3442 |
Severity: High |
| Description: The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app. | ||||
| Applies to: |
Created: 2011-11-11 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3441 |
Title: libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname. |
Type: Mobile Devices |
Bulletins:
CVE-2011-3441 |
Severity: Medium |
| Description: libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname. | ||||
| Applies to: |
Created: 2011-11-11 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3439 |
Title: FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document. |
Type: Mobile Devices |
Bulletins:
CVE-2011-3439 |
Severity: High |
| Description: FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document. | ||||
| Applies to: |
Created: 2011-11-11 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-4005 |
Title: Cross-site request forgery (CSRF) vulnerability in the Services Ready Platform Configuration Utility web interface on the Cisco Small Business SRP521W, SRP526W, and SRP527W with firmware before 1.1.24 and the Small Business SRP541W, SRP546W, and... |
Type: Hardware |
Bulletins:
CVE-2011-4005 SFBID50495 |
Severity: High |
| Description: Cross-site request forgery (CSRF) vulnerability in the Services Ready Platform Configuration Utility web interface on the Cisco Small Business SRP521W, SRP526W, and SRP527W with firmware before 1.1.24 and the Small Business SRP541W, SRP546W, and SRP547W with firmware before 1.2.1 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands, aka Bug ID CSCtr45124. | ||||
| Applies to: Cisco srp521 Cisco srp526 Cisco srp527 Cisco srp541 Cisco srp546 Cisco srp547 |
Created: 2011-11-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0941 |
Title: Memory leak in Cisco Unified Communications Manager (CUCM) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1), and Cisco IOS 12.4 and 15.1, allows remote attackers to cause a denial of service (memory... |
Type: Hardware |
Bulletins:
CVE-2011-0941 |
Severity: High |
| Description: Memory leak in Cisco Unified Communications Manager (CUCM) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1), and Cisco IOS 12.4 and 15.1, allows remote attackers to cause a denial of service (memory consumption and process failure or device reload) via a malformed SIP message, aka Bug IDs CSCti75128 and CSCtj09179. | ||||
| Applies to: Unified Communications Manager |
Created: 2011-11-01 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3315 |
Title: Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP... |
Type: Hardware |
Bulletins:
CVE-2011-3315 |
Severity: High |
| Description: Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049. | ||||
| Applies to: Unified Communications Manager |
Created: 2011-10-27 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2569 |
Title: Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008,... |
Type: Hardware |
Bulletins:
CVE-2011-2569 |
Severity: Medium |
| Description: Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and CSCts10188. | ||||
| Applies to: |
Created: 2011-10-27 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2060 |
Title: The platform-sw component on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 before 8.2(5.3), 8.3 before 8.3(2.20), and 8.4 before 8.4(2.1) does not properly handle non-ASCII characters in an interface description,... |
Type: Hardware |
Bulletins:
CVE-2011-2060 |
Severity: Medium |
| Description: The platform-sw component on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 before 8.2(5.3), 8.3 before 8.3(2.20), and 8.4 before 8.4(2.1) does not properly handle non-ASCII characters in an interface description, which allows local users to cause a denial of service (reload without configuration) via a crafted description, aka Bug ID CSCtq50523. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2011-10-21 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2059 |
Title: The ipv6 component in Cisco IOS before 15.1(4)M1.3 allows remote attackers to conduct fingerprinting attacks and obtain potentially sensitive information about the presence of the IOS operating system via an ICMPv6 Echo Request packet containing a... |
Type: Hardware |
Bulletins:
CVE-2011-2059 |
Severity: Medium |
| Description: The ipv6 component in Cisco IOS before 15.1(4)M1.3 allows remote attackers to conduct fingerprinting attacks and obtain potentially sensitive information about the presence of the IOS operating system via an ICMPv6 Echo Request packet containing a Hop-by-Hop (HBH) extension header (EH) with a 0x0c01050c value in the PadN option data, aka Bug ID CSCtq02219. | ||||
| Applies to: |
Created: 2011-10-21 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-1640 |
Title: The ethernet-lldp component in Cisco IOS 12.2 before 12.2(33)SXJ1 does not properly support a large number of LLDP Management Address (MA) TLVs, which allows remote attackers to cause a denial of service (device crash) via crafted LLDPDUs, aka Bug... |
Type: Hardware |
Bulletins:
CVE-2011-1640 |
Severity: High |
| Description: The ethernet-lldp component in Cisco IOS 12.2 before 12.2(33)SXJ1 does not properly support a large number of LLDP Management Address (MA) TLVs, which allows remote attackers to cause a denial of service (device crash) via crafted LLDPDUs, aka Bug ID CSCtj22354. | ||||
| Applies to: |
Created: 2011-10-21 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2058 |
Title: The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle an external loop between a pair of dot1x enabled ports, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors... |
Type: Hardware |
Bulletins:
CVE-2011-2058 |
Severity: High |
| Description: The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle an external loop between a pair of dot1x enabled ports, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors that trigger many unicast EAPoL Protocol Data Units (PDUs), aka Bug ID CSCtq36336. | ||||
| Applies to: |
Created: 2011-10-21 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2057 |
Title: The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle (1) a loop between a dot1x enabled port and an open-authentication dot1x enabled port and (2) a loop between a dot1x enabled port and a non-dot1x port, which... |
Type: Hardware |
Bulletins:
CVE-2011-2057 |
Severity: Medium |
| Description: The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle (1) a loop between a dot1x enabled port and an open-authentication dot1x enabled port and (2) a loop between a dot1x enabled port and a non-dot1x port, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors that trigger many Spanning Tree Protocol (STP) Bridge Protocol Data Unit (BPDU) frames, aka Bug ID CSCtq36327. | ||||
| Applies to: |
Created: 2011-10-21 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-4964 |
Title: recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon injection" vulnerability. |
Type: Hardware |
Bulletins:
CVE-2010-4964 |
Severity: High |
| Description: recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon injection" vulnerability. | ||||
| Applies to: DCS-2121 |
Created: 2011-10-16 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-4965 |
Title: /etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server. |
Type: Hardware |
Bulletins:
CVE-2010-4965 |
Severity: High |
| Description: /etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server. | ||||
| Applies to: DCS-2121 |
Created: 2011-10-16 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3434 |
Title: The WiFi component in Apple iOS before 5 stores WiFi credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application. |
Type: Mobile Devices |
Bulletins:
CVE-2011-3434 |
Severity: Medium |
| Description: The WiFi component in Apple iOS before 5 stores WiFi credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application. | ||||
| Applies to: |
Created: 2011-10-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3432 |
Title: The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog. |
Type: Mobile Devices |
Bulletins:
CVE-2011-3432 |
Severity: Medium |
| Description: The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog. | ||||
| Applies to: |
Created: 2011-10-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3430 |
Title: The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by... |
Type: Mobile Devices |
Bulletins:
CVE-2011-3430 |
Severity: High |
| Description: The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by leveraging incorrect configuration display. | ||||
| Applies to: |
Created: 2011-10-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3429 |
Title: The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file. |
Type: Mobile Devices |
Bulletins:
CVE-2011-3429 |
Severity: Low |
| Description: The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file. | ||||
| Applies to: |
Created: 2011-10-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3245 |
Title: The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character. |
Type: Mobile Devices |
Bulletins:
CVE-2011-3245 |
Severity: Low |
| Description: The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character. | ||||
| Applies to: |
Created: 2011-10-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3259 |
Title: The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many... |
Type: Mobile Devices |
Bulletins:
CVE-2011-3259 SFBID50087 |
Severity: Medium |
| Description: The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many connection attempts. | ||||
| Applies to: |
Created: 2011-10-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3431 |
Title: The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen. |
Type: Mobile Devices |
Bulletins:
CVE-2011-3431 |
Severity: Low |
| Description: The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen. | ||||
| Applies to: |
Created: 2011-10-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3427 |
Title: The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or... |
Type: Mobile Devices |
Bulletins:
CVE-2011-3427 |
Severity: Low |
| Description: The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate. | ||||
| Applies to: |
Created: 2011-10-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3257 |
Title: The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances... |
Type: Mobile Devices |
Bulletins:
CVE-2011-3257 |
Severity: Low |
| Description: The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account's cookie. | ||||
| Applies to: |
Created: 2011-10-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3256 |
Title: FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via... |
Type: Mobile Devices |
Bulletins:
CVE-2011-3256 SFBID50155 |
Severity: Medium |
| Description: FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226. | ||||
| Applies to: |
Created: 2011-10-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3261 |
Title: Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet. |
Type: Mobile Devices |
Bulletins:
CVE-2011-3261 |
Severity: Medium |
| Description: Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet. | ||||
| Applies to: |
Created: 2011-10-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3243 |
Title: Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows. |
Type: Mobile Devices |
Bulletins:
CVE-2011-3243 SFBID50088 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows. | ||||
| Applies to: |
Created: 2011-10-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3426 |
Title: Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header. |
Type: Mobile Devices |
Bulletins:
CVE-2011-3426 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header. | ||||
| Applies to: |
Created: 2011-10-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3254 |
Title: Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note. |
Type: Mobile Devices |
Bulletins:
CVE-2011-3254 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note. | ||||
| Applies to: |
Created: 2011-10-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3246 |
Title: CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a... |
Type: Mobile Devices |
Bulletins:
CVE-2011-3246 SFBID50085 |
Severity: Medium |
| Description: CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL. | ||||
| Applies to: |
Created: 2011-10-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3255 |
Title: CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application. |
Type: Mobile Devices |
Bulletins:
CVE-2011-3255 |
Severity: Medium |
| Description: CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application. | ||||
| Applies to: |
Created: 2011-10-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3253 |
Title: CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate. |
Type: Mobile Devices |
Bulletins:
CVE-2011-3253 |
Severity: Low |
| Description: CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate. | ||||
| Applies to: |
Created: 2011-10-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3260 |
Title: Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document. |
Type: Mobile Devices |
Bulletins:
CVE-2011-3260 |
Severity: Medium |
| Description: Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document. | ||||
| Applies to: |
Created: 2011-10-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3296 |
Title: Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when IPv6 is used, allows remote attackers to cause a denial of service (memory corruption and module crash or hang) via... |
Type: Hardware |
Bulletins:
CVE-2011-3296 |
Severity: High |
| Description: Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when IPv6 is used, allows remote attackers to cause a denial of service (memory corruption and module crash or hang) via vectors that trigger syslog message 302015, aka Bug ID CSCti83875. | ||||
| Applies to: Cisco Catalyst 6500 Series Switches Cisco Catalyst 7600 |
Created: 2011-10-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3297 |
Title: Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when certain authentication configurations are used, allows remote attackers to cause a denial of service (module crash) by... |
Type: Hardware |
Bulletins:
CVE-2011-3297 |
Severity: High |
| Description: Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when certain authentication configurations are used, allows remote attackers to cause a denial of service (module crash) by making many authentication requests for network access, aka Bug ID CSCtn15697. | ||||
| Applies to: Cisco Catalyst 6500 Series Switches Cisco Catalyst 7600 |
Created: 2011-10-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3304 |
Title: Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.2 before 7.2(5.3), 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.11), 8.3 before... |
Type: Hardware |
Bulletins:
CVE-2011-3304 SFBID49952 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.2 before 7.2(5.3), 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2), and 8.5 before 8.5(1.1) allow remote attackers to cause a denial of service (device reload) via crafted MSN Instant Messenger traffic, aka Bug ID CSCtl67486. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance Cisco Catalyst 6500 Series Switches Cisco Catalyst 7600 |
Created: 2011-10-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3303 |
Title: Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before... |
Type: Hardware |
Bulletins:
CVE-2011-3303 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.6), 8.3 before 8.3(2.23), 8.4 before 8.4(2.7), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via malformed ILS traffic, aka Bug IDs CSCtq57697 and CSCtq57802. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance Cisco Catalyst 6500 Series Switches Cisco Catalyst 7600 |
Created: 2011-10-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3299 |
Title: Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3... |
Type: Hardware |
Bulletins:
CVE-2011-3299 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2.6), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via crafted SunRPC traffic, aka Bug IDs CSCto92380 and CSCtq09972. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance Cisco Catalyst 6500 Series Switches Cisco Catalyst 7600 |
Created: 2011-10-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3300 |
Title: Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3... |
Type: Hardware |
Bulletins:
CVE-2011-3300 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2.6), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via crafted SunRPC traffic, aka Bug IDs CSCtq06065 and CSCtq09978. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance Cisco Catalyst 6500 Series Switches Cisco Catalyst 7600 |
Created: 2011-10-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3301 |
Title: Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3... |
Type: Hardware |
Bulletins:
CVE-2011-3301 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2.6), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via crafted SunRPC traffic, aka Bug IDs CSCtq06062 and CSCtq09986. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance Cisco Catalyst 6500 Series Switches Cisco Catalyst 7600 |
Created: 2011-10-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3302 |
Title: Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3... |
Type: Hardware |
Bulletins:
CVE-2011-3302 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2.6), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via crafted SunRPC traffic, aka Bug IDs CSCto92398 and CSCtq09989. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance Cisco Catalyst 6500 Series Switches Cisco Catalyst 7600 |
Created: 2011-10-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3298 |
Title: Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.3), 8.0 before 8.0(5.24), 8.1 before 8.1(2.50), 8.2 before... |
Type: Hardware |
Bulletins:
CVE-2011-3298 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.3), 8.0 before 8.0(5.24), 8.1 before 8.1(2.50), 8.2 before 8.2(5), 8.3 before 8.3(2.18), 8.4 before 8.4(1.10), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to bypass authentication via a crafted TACACS+ reply, aka Bug IDs CSCto40365 and CSCto74274. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance Cisco Catalyst 6500 Series Switches Cisco Catalyst 7600 |
Created: 2011-10-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3271 |
Title: Unspecified vulnerability in the Smart Install functionality in Cisco IOS 12.2 and 15.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via crafted TCP packets to port 4786, aka Bug ID CSCto10165. |
Type: Hardware |
Bulletins:
CVE-2011-3271 |
Severity: High |
| Description: Unspecified vulnerability in the Smart Install functionality in Cisco IOS 12.2 and 15.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via crafted TCP packets to port 4786, aka Bug ID CSCto10165. | ||||
| Applies to: |
Created: 2011-10-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3278 |
Title: Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) by sending crafted SIP packets to UDP port 5060, aka... |
Type: Hardware |
Bulletins:
CVE-2011-3278 |
Severity: High |
| Description: Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) by sending crafted SIP packets to UDP port 5060, aka Bug ID CSCti48483. | ||||
| Applies to: |
Created: 2011-10-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3277 |
Title: Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) by sending crafted H.323 packets to TCP port 1720, aka... |
Type: Hardware |
Bulletins:
CVE-2011-3277 |
Severity: High |
| Description: Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) by sending crafted H.323 packets to TCP port 1720, aka Bug ID CSCth11006. | ||||
| Applies to: |
Created: 2011-10-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3276 |
Title: Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) by sending crafted SIP packets to TCP port... |
Type: Hardware |
Bulletins:
CVE-2011-3276 |
Severity: High |
| Description: Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) by sending crafted SIP packets to TCP port 5060, aka Bug ID CSCso02147. | ||||
| Applies to: |
Created: 2011-10-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3281 |
Title: Unspecified vulnerability in Cisco IOS 15.0 through 15.1, in certain HTTP Layer 7 Application Control and Inspection configurations, allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTP packet, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2011-3281 |
Severity: High |
| Description: Unspecified vulnerability in Cisco IOS 15.0 through 15.1, in certain HTTP Layer 7 Application Control and Inspection configurations, allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTP packet, aka Bug ID CSCto68554. | ||||
| Applies to: |
Created: 2011-10-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0939 |
Title: Unspecified vulnerability in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x through 3.2.x, allows remote attackers to cause a denial of service (device reload) via a crafted SIP message, aka Bug ID CSCth03022. |
Type: Hardware |
Bulletins:
CVE-2011-0939 |
Severity: High |
| Description: Unspecified vulnerability in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x through 3.2.x, allows remote attackers to cause a denial of service (device reload) via a crafted SIP message, aka Bug ID CSCth03022. | ||||
| Applies to: |
Created: 2011-10-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3282 |
Title: Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is configured, allows remote attackers to cause a denial of service (device reload) via an ICMPv6 packet, related... |
Type: Hardware |
Bulletins:
CVE-2011-3282 |
Severity: High |
| Description: Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is configured, allows remote attackers to cause a denial of service (device reload) via an ICMPv6 packet, related to an expired MPLS TTL, aka Bug ID CSCtj30155. | ||||
| Applies to: |
Created: 2011-10-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3274 |
Title: Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is configured, allows remote attackers to cause a denial of service (device crash) via a crafted IPv6 packet,... |
Type: Hardware |
Bulletins:
CVE-2011-3274 |
Severity: Medium |
| Description: Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is configured, allows remote attackers to cause a denial of service (device crash) via a crafted IPv6 packet, related to an expired MPLS TTL, aka Bug ID CSCto07919. | ||||
| Applies to: |
Created: 2011-10-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3270 |
Title: Unspecified vulnerability in Cisco IOS 12.2SB before 12.2(33)SB10 and 15.0S before 15.0(1)S3a on Cisco 10000 series routers allows remote attackers to cause a denial of service (device reload) via a sequence of crafted ICMP packets, aka Bug ID CSCtk62453. |
Type: Hardware |
Bulletins:
CVE-2011-3270 |
Severity: High |
| Description: Unspecified vulnerability in Cisco IOS 12.2SB before 12.2(33)SB10 and 15.0S before 15.0(1)S3a on Cisco 10000 series routers allows remote attackers to cause a denial of service (device reload) via a sequence of crafted ICMP packets, aka Bug ID CSCtk62453. | ||||
| Applies to: Cisco 10008 Router |
Created: 2011-10-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3279 |
Title: The provider-edge MPLS NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) via a malformed SIP packet to UDP port 5060, aka Bug ID CSCti98219. |
Type: Hardware |
Bulletins:
CVE-2011-3279 |
Severity: High |
| Description: The provider-edge MPLS NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) via a malformed SIP packet to UDP port 5060, aka Bug ID CSCti98219. | ||||
| Applies to: |
Created: 2011-10-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0946 |
Title: The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) via malformed NetMeeting Directory (aka Internet Locator Service or ILS)... |
Type: Hardware |
Bulletins:
CVE-2011-0946 |
Severity: High |
| Description: The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) via malformed NetMeeting Directory (aka Internet Locator Service or ILS) LDAP traffic, aka Bug ID CSCtd10712. | ||||
| Applies to: |
Created: 2011-10-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3272 |
Title: The IP Service Level Agreement (IP SLA) functionality in Cisco IOS 15.1, and IOS XE 2.1.x through 3.3.x, allows remote attackers to cause a denial of service (memory corruption and device reload) via malformed IP SLA packets, aka Bug ID CSCtk67073. |
Type: Hardware |
Bulletins:
CVE-2011-3272 |
Severity: High |
| Description: The IP Service Level Agreement (IP SLA) functionality in Cisco IOS 15.1, and IOS XE 2.1.x through 3.3.x, allows remote attackers to cause a denial of service (memory corruption and device reload) via malformed IP SLA packets, aka Bug ID CSCtk67073. | ||||
| Applies to: |
Created: 2011-10-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3280 |
Title: Memory leak in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted SIP packets to UDP port... |
Type: Hardware |
Bulletins:
CVE-2011-3280 |
Severity: High |
| Description: Memory leak in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted SIP packets to UDP port 5060, aka Bug ID CSCtj04672. | ||||
| Applies to: |
Created: 2011-10-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0945 |
Title: Memory leak in the Data-link switching (aka DLSw) feature in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xS before 3.1.3S and 3.2.xS before 3.2.1S, when implemented over Fast Sequence Transport (FST), allows remote attackers to... |
Type: Hardware |
Bulletins:
CVE-2011-0945 |
Severity: High |
| Description: Memory leak in the Data-link switching (aka DLSw) feature in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xS before 3.1.3S and 3.2.xS before 3.2.1S, when implemented over Fast Sequence Transport (FST), allows remote attackers to cause a denial of service (memory consumption and device reload or hang) via a crafted IP protocol 91 packet, aka Bug ID CSCth69364. | ||||
| Applies to: |
Created: 2011-10-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3273 |
Title: Memory leak in Cisco IOS 15.0 through 15.1, when IPS or Zone-Based Firewall (aka ZBFW) is configured, allows remote attackers to cause a denial of service (memory consumption or device crash) via vectors that trigger many session creation flows, aka... |
Type: Hardware |
Bulletins:
CVE-2011-3273 |
Severity: High |
| Description: Memory leak in Cisco IOS 15.0 through 15.1, when IPS or Zone-Based Firewall (aka ZBFW) is configured, allows remote attackers to cause a denial of service (memory consumption or device crash) via vectors that trigger many session creation flows, aka Bug ID CSCti79848. | ||||
| Applies to: |
Created: 2011-10-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2072 |
Title: Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and 8.6 before 8.6(1) allows remote attackers to cause a denial of... |
Type: Hardware |
Bulletins:
CVE-2011-2072 |
Severity: High |
| Description: Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and 8.6 before 8.6(1) allows remote attackers to cause a denial of service (memory consumption and device reload or process failure) via a malformed SIP message, aka Bug IDs CSCtl86047 and CSCto88686. | ||||
| Applies to: Unified Communications Manager |
Created: 2011-10-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3275 |
Title: Memory leak in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x through 3.2.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted SIP message, aka Bug ID CSCti48504. |
Type: Hardware |
Bulletins:
CVE-2011-3275 |
Severity: High |
| Description: Memory leak in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x through 3.2.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted SIP message, aka Bug ID CSCti48504. | ||||
| Applies to: |
Created: 2011-10-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0944 |
Title: Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (device reload) via malformed IPv6 packets, aka Bug ID CSCtj41194. |
Type: Hardware |
Bulletins:
CVE-2011-0944 |
Severity: High |
| Description: Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (device reload) via malformed IPv6 packets, aka Bug ID CSCtj41194. | ||||
| Applies to: |
Created: 2011-10-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-3975 |
Title: A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote... |
Type: Mobile Devices |
Bulletins:
CVE-2011-3975 SFBID49916 |
Severity: Low |
| Description: A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port. | ||||
| Applies to: |
Created: 2011-10-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2544 |
Title: Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant... |
Type: Hardware |
Bulletins:
CVE-2011-2544 SFBID49670 |
Severity: Low |
| Description: Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488. | ||||
| Applies to: Cisco TelePresence System 1000 MXP Cisco TelePresence System 1700 MXP |
Created: 2011-09-23 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2543 |
Title: Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allows remote authenticated users to cause a denial of service (endpoint reboot or process crash) or possibly execute arbitrary code via a long... |
Type: Hardware |
Bulletins:
CVE-2011-2543 SFBID49670 |
Severity: High |
| Description: Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allows remote authenticated users to cause a denial of service (endpoint reboot or process crash) or possibly execute arbitrary code via a long location parameter to the getxml program, aka Bug ID CSCtq46496. | ||||
| Applies to: Cisco Codec C40 Cisco Codec C60 Cisco Codec C90 |
Created: 2011-09-23 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2581 |
Title: The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N2(1) on Nexus 5000 series switches, and NX-OS before 5.0(3)U1(2a) on Nexus 3000 series switches, does not properly handle comments in conjunction with deny statements, which... |
Type: Hardware |
Bulletins:
CVE-2011-2581 |
Severity: Medium |
| Description: The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N2(1) on Nexus 5000 series switches, and NX-OS before 5.0(3)U1(2a) on Nexus 3000 series switches, does not properly handle comments in conjunction with deny statements, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending packets, aka Bug IDs CSCto09813 and CSCtr61490. | ||||
| Applies to: Cisco Nexus 5000 Series |
Created: 2011-09-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2577 |
Title: Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted... |
Type: Hardware |
Bulletins:
CVE-2011-2577 SFBID49392 |
Severity: High |
| Description: Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted SIP packet to port 5060 or 5061, aka Bug ID CSCtq46500. | ||||
| Applies to: Cisco Codec C40 Cisco Codec C60 Cisco Codec C90 Cisco Codec EX60 Cisco Codec EX90 Cisco TelePresence E20 Cisco TelePresence System 6000 MXP Cisco TelePresence System 9000 MXP |
Created: 2011-08-31 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2563 |
Title: Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause... |
Type: Hardware |
Bulletins:
CVE-2011-2563 |
Severity: High |
| Description: Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth26669. | ||||
| Applies to: Unified Communications Manager |
Created: 2011-08-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2564 |
Title: Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause... |
Type: Hardware |
Bulletins:
CVE-2011-2564 |
Severity: High |
| Description: Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth19417. | ||||
| Applies to: Unified Communications Manager |
Created: 2011-08-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2562 |
Title: Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service... |
Type: Hardware |
Bulletins:
CVE-2011-2562 |
Severity: High |
| Description: Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (service outage) via a SIP INVITE message, aka Bug ID CSCth43256. | ||||
| Applies to: Unified Communications Manager |
Created: 2011-08-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2561 |
Title: The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a... |
Type: Hardware |
Bulletins:
CVE-2011-2561 |
Severity: High |
| Description: The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a Media Termination Point (MTP), which allows remote attackers to cause a denial of service (service outage) via a crafted call, aka Bug ID CSCtc61990. | ||||
| Applies to: Unified Communications Manager |
Created: 2011-08-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2560 |
Title: The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial of service (memory consumption and restart) by... |
Type: Hardware |
Bulletins:
CVE-2011-2560 |
Severity: High |
| Description: The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial of service (memory consumption and restart) by making many connections, aka Bug ID CSCtf97162. | ||||
| Applies to: Unified Communications Manager |
Created: 2011-08-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0228 |
Title: The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL... |
Type: Mobile Devices |
Bulletins:
CVE-2011-0228 SFBID48877 |
Severity: High |
| Description: The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain. | ||||
| Applies to: |
Created: 2011-08-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-1643 |
Title: Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by... |
Type: Hardware |
Bulletins:
CVE-2011-1643 |
Severity: High |
| Description: Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833. | ||||
| Applies to: Unified Communications Manager |
Created: 2011-08-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-1625 |
Title: Cisco IOS 12.2, 12.3, 12.4, 15.0, and 15.1, when the data-link switching (DLSw) feature is configured, allows remote attackers to cause a denial of service (device crash) by sending a sequence of malformed packets and leveraging a "narrow timing... |
Type: Hardware |
Bulletins:
CVE-2011-1625 |
Severity: Medium |
| Description: Cisco IOS 12.2, 12.3, 12.4, 15.0, and 15.1, when the data-link switching (DLSw) feature is configured, allows remote attackers to cause a denial of service (device crash) by sending a sequence of malformed packets and leveraging a "narrow timing window," aka Bug ID CSCtf74999, a different vulnerability than CVE-2007-0199, CVE-2008-1152, and CVE-2009-0629. | ||||
| Applies to: |
Created: 2011-08-18 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-1624 |
Title: Cisco IOS 12.2(58)SE, when a login banner is configured, allows remote attackers to cause a denial of service (device reload) by establishing two SSH2 sessions, aka Bug ID CSCto62631. |
Type: Hardware |
Bulletins:
CVE-2011-1624 |
Severity: High |
| Description: Cisco IOS 12.2(58)SE, when a login banner is configured, allows remote attackers to cause a denial of service (device reload) by establishing two SSH2 sessions, aka Bug ID CSCto62631. | ||||
| Applies to: |
Created: 2011-08-18 |
Updated: 2024-01-17 |
||
| ID: MITRE:12441 |
Title: Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure Vulnerability |
Type: Software |
Bulletins:
MITRE:12441 CVE-2005-1794 |
Severity: Medium |
| Description: Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks. | ||||
| Applies to: |
Created: 2011-08-15 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2357 |
Title: Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the... |
Type: Mobile Devices |
Bulletins:
CVE-2011-2357 SFBID48954 |
Severity: Medium |
| Description: Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain's URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain. | ||||
| Applies to: |
Created: 2011-08-12 |
Updated: 2024-01-17 |
||
| ID: MITRE:12664 |
Title: XML External Entities Resolution Vulnerability |
Type: Software |
Bulletins:
MITRE:12664 CVE-2011-1280 |
Severity: Medium |
| Description: The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability." | ||||
| Applies to: Microsoft Office InfoPath 2007 Microsoft Office InfoPath 2010 Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition Microsoft SQL Server 2008 Microsoft SQL Server 2008 R2 Microsoft SQL Server Management Studio Express (SSMSE) 2005 |
Created: 2011-08-01 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2549 |
Title: Unspecified vulnerability in Cisco IOS XR 4.1.x before 4.1.1 on Cisco Aggregation Services Routers (ASR) 9000 series devices allows remote attackers to cause a denial of service (line-card reload) via an IPv4 packet, aka Bug ID CSCtr26695. |
Type: Hardware |
Bulletins:
CVE-2011-2549 SFBID48811 |
Severity: High |
| Description: Unspecified vulnerability in Cisco IOS XR 4.1.x before 4.1.1 on Cisco Aggregation Services Routers (ASR) 9000 series devices allows remote attackers to cause a denial of service (line-card reload) via an IPv4 packet, aka Bug ID CSCtr26695. | ||||
| Applies to: Cisco ASR 9006 Router Cisco ASR 9010 Router |
Created: 2011-07-28 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2547 |
Title: The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web forms, aka Bug ID CSCtq65681. |
Type: Hardware |
Bulletins:
CVE-2011-2547 SFBID48810 |
Severity: High |
| Description: The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web forms, aka Bug ID CSCtq65681. | ||||
| Applies to: Cisco SA520 Cisco SA520w Cisco SA540 |
Created: 2011-07-28 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2546 |
Title: SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtq65669. |
Type: Hardware |
Bulletins:
CVE-2011-2546 SFBID48812 |
Severity: Medium |
| Description: SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtq65669. | ||||
| Applies to: Cisco SA520 Cisco SA520w Cisco SA540 |
Created: 2011-07-28 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0227 |
Title: The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application. |
Type: Mobile Devices |
Bulletins:
CVE-2011-0227 |
Severity: High |
| Description: The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application. | ||||
| Applies to: |
Created: 2011-07-19 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0226 |
Title: Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial... |
Type: Mobile Devices |
Bulletins:
CVE-2011-0226 SFBID48619 |
Severity: High |
| Description: Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011. | ||||
| Applies to: |
Created: 2011-07-19 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2064 |
Title: Cisco IOS 12.4MDA before 12.4(24)MDA5 on the Cisco Content Services Gateway - Second Generation (CSG2) allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets, aka Bug ID CSCtl79577. |
Type: Hardware |
Bulletins:
CVE-2011-2064 SFBID48581 |
Severity: High |
| Description: Cisco IOS 12.4MDA before 12.4(24)MDA5 on the Cisco Content Services Gateway - Second Generation (CSG2) allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets, aka Bug ID CSCtl79577. | ||||
| Applies to: |
Created: 2011-07-11 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2344 |
Title: Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums... |
Type: Mobile Devices |
Bulletins:
CVE-2011-2344 |
Severity: High |
| Description: Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com. | ||||
| Applies to: |
Created: 2011-07-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-1823 |
Title: The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that... |
Type: Mobile Devices |
Bulletins:
CVE-2011-1823 |
Severity: High |
| Description: The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak. | ||||
| Applies to: |
Created: 2011-06-09 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-4804 |
Title: The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/. |
Type: Mobile Devices |
Bulletins:
CVE-2010-4804 SFBID48256 |
Severity: Medium |
| Description: The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/. | ||||
| Applies to: |
Created: 2011-06-09 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-2395 |
Title: The Neighbor Discovery (ND) protocol implementation in Cisco IOS on unspecified switches allows remote attackers to bypass the Router Advertisement Guarding functionality via a fragmented IPv6 packet in which the Router Advertisement (RA) message is... |
Type: Hardware |
Bulletins:
CVE-2011-2395 |
Severity: Medium |
| Description: The Neighbor Discovery (ND) protocol implementation in Cisco IOS on unspecified switches allows remote attackers to bypass the Router Advertisement Guarding functionality via a fragmented IPv6 packet in which the Router Advertisement (RA) message is contained in the second fragment, as demonstrated by (1) a packet in which the first fragment contains a long Destination Options extension header or (2) a packet in which the first fragment contains an ICMPv6 Echo Request message. | ||||
| Applies to: |
Created: 2011-06-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-1651 |
Title: Cisco IOS XR 3.9.x and 4.0.x before 4.0.3 and 4.1.x before 4.1.1, when an SPA interface processor is installed, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCto45095. |
Type: Hardware |
Bulletins:
CVE-2011-1651 |
Severity: High |
| Description: Cisco IOS XR 3.9.x and 4.0.x before 4.0.3 and 4.1.x before 4.1.1, when an SPA interface processor is installed, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCto45095. | ||||
| Applies to: |
Created: 2011-05-31 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0943 |
Title: Cisco IOS XR 3.8.3, 3.8.4, and 3.9.1 allows remote attackers to cause a denial of service (NetIO process restart or device reload) via a crafted IPv4 packet, aka Bug ID CSCth44147. |
Type: Hardware |
Bulletins:
CVE-2011-0943 |
Severity: High |
| Description: Cisco IOS XR 3.8.3, 3.8.4, and 3.9.1 allows remote attackers to cause a denial of service (NetIO process restart or device reload) via a crafted IPv4 packet, aka Bug ID CSCth44147. | ||||
| Applies to: |
Created: 2011-05-31 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0949 |
Title: Cisco IOS XR 3.6.x, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 does not properly remove sshd_lock files from /tmp/, which allows remote attackers to cause a denial of service (disk consumption) by making many SSHv1 connections, aka Bug ID CSCtd64417. |
Type: Hardware |
Bulletins:
CVE-2011-0949 |
Severity: High |
| Description: Cisco IOS XR 3.6.x, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 does not properly remove sshd_lock files from /tmp/, which allows remote attackers to cause a denial of service (disk consumption) by making many SSHv1 connections, aka Bug ID CSCtd64417. | ||||
| Applies to: |
Created: 2011-05-31 |
Updated: 2024-01-17 |
||
| ID: MITRE:12673 |
Title: Scripting Memory Reallocation Vulnerability |
Type: Miscellaneous |
Bulletins:
MITRE:12673 CVE-2011-0663 |
Severity: High |
| Description: Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2) VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka "Scripting Memory Reallocation Vulnerability." | ||||
| Applies to: JScript 5.6 JScript 5.7 JScript 5.8 VBScript 5.6 VBScript 5.7 VBScript 5.8 |
Created: 2011-05-30 |
Updated: 2024-01-17 |
||
| ID: MITRE:12457 |
Title: MFC Insecure Library Loading Vulnerability |
Type: Software |
Bulletins:
MITRE:12457 CVE-2010-3190 |
Severity: High |
| Description: Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; and Visual C++ 2005 SP1, 2008 SP1, and 2010 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability." | ||||
| Applies to: Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package Microsoft Visual Studio .NET 2003 Microsoft Visual Studio 2005 Microsoft Visual Studio 2008 Microsoft Visual Studio 2010 |
Created: 2011-05-30 |
Updated: 2024-01-17 |
||
| ID: MITRE:12367 |
Title: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions |
Type: Software |
Bulletins:
MITRE:12367 CVE-2010-3574 |
Severity: High |
| Description: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||||
| Applies to: Java Development Kit Java Runtime Environment |
Created: 2011-05-09 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-1613 |
Title: Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 6.0 before 6.0.200.0, 7.0 before 7.0.98.216, and 7.0.1xx before 7.0.112.0 allows remote attackers to cause a denial of service (device reload) via a sequence of ICMP packets,... |
Type: Hardware |
Bulletins:
CVE-2011-1613 SFBID47606 |
Severity: High |
| Description: Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 6.0 before 6.0.200.0, 7.0 before 7.0.98.216, and 7.0.1xx before 7.0.112.0 allows remote attackers to cause a denial of service (device reload) via a sequence of ICMP packets, aka Bug ID CSCth74426. | ||||
| Applies to: |
Created: 2011-05-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-1605 |
Title: Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su2, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process... |
Type: Hardware |
Bulletins:
CVE-2011-1605 SFBID47610 |
Severity: High |
| Description: Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su2, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCth39586. | ||||
| Applies to: Unified Communications Manager |
Created: 2011-05-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-1606 |
Title: Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process... |
Type: Hardware |
Bulletins:
CVE-2011-1606 SFBID47611 |
Severity: High |
| Description: Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtg62855. | ||||
| Applies to: Unified Communications Manager |
Created: 2011-05-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-1609 |
Title: SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL... |
Type: Hardware |
Bulletins:
CVE-2011-1609 SFBID47605 |
Severity: High |
| Description: SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647. | ||||
| Applies to: Unified Communications Manager |
Created: 2011-05-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-1610 |
Title: Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2,... |
Type: Hardware |
Bulletins:
CVE-2011-1610 SFBID47607 |
Severity: Medium |
| Description: Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064. | ||||
| Applies to: Unified Communications Manager |
Created: 2011-05-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-1604 |
Title: Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (memory consumption... |
Type: Hardware |
Bulletins:
CVE-2011-1604 SFBID47609 |
Severity: High |
| Description: Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (memory consumption and process failure) via a malformed SIP message, aka Bug ID CSCti42904. | ||||
| Applies to: Unified Communications Manager |
Created: 2011-05-03 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-1607 |
Title: Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to... |
Type: Hardware |
Bulletins:
CVE-2011-1607 SFBID47608 |
Severity: Medium |
| Description: Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603. | ||||
| Applies to: Unified Communications Manager |
Created: 2011-05-03 |
Updated: 2024-01-17 |
||
| ID: MITRE:12514 |
Title: Vulnerability in Microsoft Internet Explorer Could Allow GUI Corruption |
Type: Web |
Bulletins:
MITRE:12514 CVE-2011-0347 |
Severity: High |
| Description: Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI display and have unspecified other impact via vectors related to the DOM implementation, as demonstrated by cross_fuzz. | ||||
| Applies to: Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Created: 2011-04-25 |
Updated: 2024-01-17 |
||
| ID: MITRE:12519 |
Title: Apple iTunes Webkit Vulnerability, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service |
Type: Software |
Bulletins:
MITRE:12519 CVE-2011-0152 |
Severity: High |
| Description: WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. | ||||
| Applies to: Apple iTunes |
Created: 2011-04-25 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-1149 |
Title: Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to... |
Type: Mobile Devices |
Bulletins:
CVE-2011-1149 |
Severity: High |
| Description: Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK. | ||||
| Applies to: |
Created: 2011-04-21 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0195 |
Title: The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202. |
Type: Mobile Devices |
Bulletins:
CVE-2011-0195 |
Severity: Medium |
| Description: The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202. | ||||
| Applies to: |
Created: 2011-04-15 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0935 |
Title: The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by leveraging an IKE peer relationship in which a... |
Type: Hardware |
Bulletins:
CVE-2011-0935 SFBID47407 |
Severity: High |
| Description: The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by leveraging an IKE peer relationship in which a key was previously valid but later revoked, aka Bug ID CSCth82164, a different vulnerability than CVE-2010-4685. | ||||
| Applies to: |
Created: 2011-04-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0163 |
Title: WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site... |
Type: Mobile Devices |
Bulletins:
CVE-2011-0163 |
Severity: Medium |
| Description: WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack. | ||||
| Applies to: |
Created: 2011-03-11 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0161 |
Title: WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences... |
Type: Mobile Devices |
Bulletins:
CVE-2011-0161 SFBID46814 |
Severity: Medium |
| Description: WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site. | ||||
| Applies to: |
Created: 2011-03-11 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0160 |
Title: WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the... |
Type: Mobile Devices |
Bulletins:
CVE-2011-0160 |
Severity: Medium |
| Description: WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. | ||||
| Applies to: |
Created: 2011-03-11 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0157 |
Title: WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2011-0157 SFBID46807 |
Severity: High |
| Description: WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-09-1. | ||||
| Applies to: |
Created: 2011-03-11 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0159 |
Title: The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by... |
Type: Mobile Devices |
Bulletins:
CVE-2011-0159 SFBID46810 |
Severity: Medium |
| Description: The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by setting a cookie. | ||||
| Applies to: |
Created: 2011-03-11 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0158 |
Title: MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service (persistent application crash) via crafted JavaScript code. |
Type: Mobile Devices |
Bulletins:
CVE-2011-0158 SFBID46806 |
Severity: Medium |
| Description: MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service (persistent application crash) via crafted JavaScript code. | ||||
| Applies to: |
Created: 2011-03-11 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-1417 |
Title: Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory... |
Type: Mobile Devices |
Bulletins:
CVE-2011-1417 |
Severity: Medium |
| Description: Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011. | ||||
| Applies to: |
Created: 2011-03-11 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-1344 |
Title: Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary... |
Type: Mobile Devices |
Bulletins:
CVE-2011-1344 SFBID46822 |
Severity: Medium |
| Description: Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011. | ||||
| Applies to: |
Created: 2011-03-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0390 |
Title: The XML-RPC implementation on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, 1.6.x, and 1.7.0 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka Bug ID CSCtj44534. |
Type: Hardware |
Bulletins:
CVE-2011-0390 SFBID46520 |
Severity: High |
| Description: The XML-RPC implementation on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, 1.6.x, and 1.7.0 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka Bug ID CSCtj44534. | ||||
| Applies to: Cisco Telepresence Multipoint Switch |
Created: 2011-02-25 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0378 |
Title: The XML-RPC implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a TCP request, related to a "command injection vulnerability," aka Bug ID CSCtb52587. |
Type: Hardware |
Bulletins:
CVE-2011-0378 |
Severity: High |
| Description: The XML-RPC implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a TCP request, related to a "command injection vulnerability," aka Bug ID CSCtb52587. | ||||
| Applies to: Cisco TelePresence System 1000 Cisco TelePresence System 1100 Cisco TelePresence System 1300 Cisco TelePresence System 3000 Cisco TelePresence System 3200 Cisco TelePresence System 500 |
Created: 2011-02-25 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0376 |
Title: The TFTP implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x, 1.6.0, and 1.6.1 allows remote attackers to obtain sensitive information via a GET request, aka Bug ID CSCte43876. |
Type: Hardware |
Bulletins:
CVE-2011-0376 |
Severity: High |
| Description: The TFTP implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x, 1.6.0, and 1.6.1 allows remote attackers to obtain sensitive information via a GET request, aka Bug ID CSCte43876. | ||||
| Applies to: Cisco TelePresence System 1000 Cisco TelePresence System 1100 Cisco TelePresence System 1300 Cisco TelePresence System 3000 Cisco TelePresence System 3200 Cisco TelePresence System 500 |
Created: 2011-02-25 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0383 |
Title: The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative... |
Type: Hardware |
Bulletins:
CVE-2011-0383 SFBID46519 |
Severity: High |
| Description: The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008. | ||||
| Applies to: Cisco Telepresence Multipoint Switch |
Created: 2011-02-25 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0384 |
Title: The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary... |
Type: Hardware |
Bulletins:
CVE-2011-0384 SFBID46520 |
Severity: High |
| Description: The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug ID CSCtf01253. | ||||
| Applies to: Cisco Telepresence Multipoint Switch |
Created: 2011-02-25 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0375 |
Title: The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCth24671. |
Type: Hardware |
Bulletins:
CVE-2011-0375 |
Severity: High |
| Description: The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCth24671. | ||||
| Applies to: Cisco TelePresence System 1000 Cisco TelePresence System 1100 Cisco TelePresence System 1300 Cisco TelePresence System 3000 Cisco TelePresence System 3200 Cisco TelePresence System 500 |
Created: 2011-02-25 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0373 |
Title: The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31685. |
Type: Hardware |
Bulletins:
CVE-2011-0373 |
Severity: High |
| Description: The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31685. | ||||
| Applies to: Cisco TelePresence System 1000 Cisco TelePresence System 1100 Cisco TelePresence System 1300 Cisco TelePresence System 3000 Cisco TelePresence System 3200 Cisco TelePresence System 500 |
Created: 2011-02-25 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0374 |
Title: The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31659. |
Type: Hardware |
Bulletins:
CVE-2011-0374 |
Severity: High |
| Description: The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31659. | ||||
| Applies to: Cisco TelePresence System 1000 Cisco TelePresence System 1100 Cisco TelePresence System 1300 Cisco TelePresence System 3000 Cisco TelePresence System 3200 Cisco TelePresence System 500 |
Created: 2011-02-25 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0372 |
Title: The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31640. |
Type: Hardware |
Bulletins:
CVE-2011-0372 |
Severity: High |
| Description: The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31640. | ||||
| Applies to: Cisco TelePresence System 1000 Cisco TelePresence System 1100 Cisco TelePresence System 1300 Cisco TelePresence System 3000 Cisco TelePresence System 3200 Cisco TelePresence System 500 |
Created: 2011-02-25 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0385 |
Title: The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote attackers to create or overwrite... |
Type: Hardware |
Bulletins:
CVE-2011-0385 |
Severity: High |
| Description: The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote attackers to create or overwrite arbitrary files, and possibly execute arbitrary code, via a crafted request, aka Bug IDs CSCth85786 and CSCth61065. | ||||
| Applies to: Cisco Telepresence Multipoint Switch |
Created: 2011-02-25 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0387 |
Title: The administrative web interface on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote authenticated users to cause a denial of service or have unspecified other impact via vectors... |
Type: Hardware |
Bulletins:
CVE-2011-0387 SFBID46520 |
Severity: High |
| Description: The administrative web interface on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote authenticated users to cause a denial of service or have unspecified other impact via vectors involving access to a servlet, aka Bug ID CSCtf97164. | ||||
| Applies to: Cisco Telepresence Multipoint Switch |
Created: 2011-02-25 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0388 |
Title: Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which... |
Type: Hardware |
Bulletins:
CVE-2011-0388 SFBID46523 |
Severity: High |
| Description: Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which allows remote attackers to cause a denial of service (memory consumption and web outage) via multiple crafted requests, aka Bug IDs CSCtg35830 and CSCtg35825. | ||||
| Applies to: Cisco Telepresence Multipoint Switch |
Created: 2011-02-25 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0389 |
Title: Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allow remote attackers to cause a denial of service (process crash) via a crafted Real-Time Transport Control Protocol (RTCP) UDP packet, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2011-0389 SFBID46520 |
Severity: High |
| Description: Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allow remote attackers to cause a denial of service (process crash) via a crafted Real-Time Transport Control Protocol (RTCP) UDP packet, aka Bug ID CSCth60993. | ||||
| Applies to: Cisco Telepresence Multipoint Switch |
Created: 2011-02-25 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0377 |
Title: Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allow remote attackers to cause a denial of service (service crash) via a malformed SOAP request in conjunction with a spoofed TelePresence Manager that supplies an invalid IP... |
Type: Hardware |
Bulletins:
CVE-2011-0377 |
Severity: High |
| Description: Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allow remote attackers to cause a denial of service (service crash) via a malformed SOAP request in conjunction with a spoofed TelePresence Manager that supplies an invalid IP address, aka Bug ID CSCth03605. | ||||
| Applies to: Cisco TelePresence System 1000 Cisco TelePresence System 1100 Cisco TelePresence System 1300 Cisco TelePresence System 3000 Cisco TelePresence System 3200 Cisco TelePresence System 500 |
Created: 2011-02-25 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0396 |
Title: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.23), 8.1 before 8.1(2.49), 8.2 before 8.2(4.1), and 8.3 before 8.3(2.13), when a Certificate Authority (CA) is configured, allow remote attackers to read... |
Type: Hardware |
Bulletins:
CVE-2011-0396 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.23), 8.1 before 8.1(2.49), 8.2 before 8.2(4.1), and 8.3 before 8.3(2.13), when a Certificate Authority (CA) is configured, allow remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCtk12352. | ||||
| Applies to: Cisco ASA 5505 Adaptive Security Appliance Cisco ASA 5510 Adaptive Security Appliance Cisco ASA 5520 Adaptive Security Appliance Cisco ASA 5540 Adaptive Security Appliance Cisco ASA 5550 Adaptive Security Appliance Cisco ASA 5580 Adaptive... |
Created: 2011-02-25 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0395 |
Title: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.20), 8.1 before 8.1(2.48), 8.2 before 8.2(3), and 8.3 before 8.3(2.1), when the RIP protocol and the Cisco Phone Proxy functionality are configured, allow... |
Type: Hardware |
Bulletins:
CVE-2011-0395 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.20), 8.1 before 8.1(2.48), 8.2 before 8.2(3), and 8.3 before 8.3(2.1), when the RIP protocol and the Cisco Phone Proxy functionality are configured, allow remote attackers to cause a denial of service (device reload) via a RIP update, aka Bug ID CSCtg66583. | ||||
| Applies to: Cisco ASA 5505 Adaptive Security Appliance Cisco ASA 5510 Adaptive Security Appliance Cisco ASA 5520 Adaptive Security Appliance Cisco ASA 5540 Adaptive Security Appliance Cisco ASA 5550 Adaptive Security Appliance Cisco ASA 5580 Adaptive... |
Created: 2011-02-25 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0393 |
Title: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.12), 7.1 and 7.2 before 7.2(5.2), 8.0 before 8.0(5.21), 8.1 before 8.1(2.49), 8.2 before 8.2(3.6), and 8.3 before 8.3(2.7) and Cisco PIX Security Appliances... |
Type: Hardware |
Bulletins:
CVE-2011-0393 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.12), 7.1 and 7.2 before 7.2(5.2), 8.0 before 8.0(5.21), 8.1 before 8.1(2.49), 8.2 before 8.2(3.6), and 8.3 before 8.3(2.7) and Cisco PIX Security Appliances 500 series devices, when transparent firewall mode is configured but IPv6 is not configured, allow remote attackers to cause a denial of service (packet buffer exhaustion and device outage) via IPv6 traffic, aka Bug ID CSCtj04707. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2011-02-25 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0394 |
Title: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.11), 7.1 and 7.2 before 7.2(5.1), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), 8.2 before 8.2(2.19), and 8.3 before 8.3(1.8); Cisco PIX Security Appliances... |
Type: Hardware |
Bulletins:
CVE-2011-0394 SFBID46518 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.11), 7.1 and 7.2 before 7.2(5.1), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), 8.2 before 8.2(2.19), and 8.3 before 8.3(1.8); Cisco PIX Security Appliances 500 series devices; and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(20), 3.2 before 3.2(20), 4.0 before 4.0(15), and 4.1 before 4.1(5) allow remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug IDs CSCtg69457 and CSCtl84952. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2011-02-25 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0379 |
Title: Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 1.6.x; Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x; Cisco TelePresence endpoint devices with software... |
Type: Hardware |
Bulletins:
CVE-2011-0379 |
Severity: High |
| Description: Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 1.6.x; Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x; Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x; and Cisco TelePresence Manager 1.2.x, 1.3.x, 1.4.x, 1.5.x, and 1.6.2 allows remote attackers to execute arbitrary code via a crafted Cisco Discovery Protocol packet, aka Bug IDs CSCtd75769, CSCtd75766, CSCtd75754, and CSCtd75761. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance Cisco TelePresence System 1000 Cisco TelePresence System 1100 Cisco TelePresence System 1300 Cisco TelePresence System 3000 Cisco TelePresence System 3200 Cisco Telepresence Multipoint Switch Cisco... |
Created: 2011-02-25 |
Updated: 2024-01-17 |
||
| ID: MITRE:12333 |
Title: DSN Overflow Vulnerability |
Type: Miscellaneous |
Bulletins:
MITRE:12333 CVE-2011-0026 |
Severity: High |
| Description: Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability." | ||||
| Applies to: Microsoft Data Access Components |
Created: 2011-02-21 |
Updated: 2024-01-17 |
||
| ID: MITRE:12411 |
Title: ADO Record Memory Vulnerability |
Type: Miscellaneous |
Bulletins:
MITRE:12411 CVE-2011-0027 |
Severity: High |
| Description: Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118. | ||||
| Applies to: Microsoft Data Access Components |
Created: 2011-02-21 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0680 |
Title: data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in... |
Type: Mobile Devices |
Bulletins:
CVE-2011-0680 SFBID46105 |
Severity: Medium |
| Description: data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in opportunistic circumstances via a standard text messaging service. | ||||
| Applies to: |
Created: 2011-01-31 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0349 |
Title: Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to cause a denial of service (device hang or reload) via crafted TCP packets, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2011-0349 SFBID46026 |
Severity: High |
| Description: Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to cause a denial of service (device hang or reload) via crafted TCP packets, aka Bug ID CSCth17178, a different vulnerability than CVE-2011-0350. | ||||
| Applies to: |
Created: 2011-01-28 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0350 |
Title: Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to cause a denial of service (device hang or reload) via crafted TCP packets, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2011-0350 SFBID46028 |
Severity: High |
| Description: Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to cause a denial of service (device hang or reload) via crafted TCP packets, aka Bug ID CSCth41891, a different vulnerability than CVE-2011-0349. | ||||
| Applies to: |
Created: 2011-01-28 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0348 |
Title: Cisco IOS 12.4(11)MD, 12.4(15)MD, 12.4(22)MD, 12.4(24)MD before 12.4(24)MD3, 12.4(22)MDA before 12.4(22)MDA5, and 12.4(24)MDA before 12.4(24)MDA3 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to bypass... |
Type: Hardware |
Bulletins:
CVE-2011-0348 SFBID46022 |
Severity: Medium |
| Description: Cisco IOS 12.4(11)MD, 12.4(15)MD, 12.4(22)MD, 12.4(24)MD before 12.4(24)MD3, 12.4(22)MDA before 12.4(22)MDA5, and 12.4(24)MDA before 12.4(24)MDA3 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to bypass intended access restrictions and intended billing restrictions by sending HTTP traffic to a restricted destination after sending HTTP traffic to an unrestricted destination, aka Bug ID CSCtk35917. | ||||
| Applies to: |
Created: 2011-01-28 |
Updated: 2024-01-17 |
||
| ID: MITRE:12289 |
Title: TIFF Image Converter Memory Corruption Vulnerability |
Type: Software |
Bulletins:
MITRE:12289 CVE-2010-3950 |
Severity: High |
| Description: The TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 does not properly convert data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image in an Office document, aka "TIFF Image Converter Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Office 2002 Microsoft Office Converter Pack Microsoft Works 9 |
Created: 2011-01-24 |
Updated: 2024-01-17 |
||
| ID: MITRE:11827 |
Title: TIFF Image Converter Heap Overflow Vulnerability |
Type: Software |
Bulletins:
MITRE:11827 CVE-2010-3947 |
Severity: High |
| Description: Heap-based buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka "TIFF Image Converter Heap Overflow Vulnerability." | ||||
| Applies to: Microsoft Office 2002 Microsoft Office Converter Pack Microsoft Works 9 |
Created: 2011-01-24 |
Updated: 2024-01-17 |
||
| ID: MITRE:12387 |
Title: TIFF Image Converter Buffer Overflow Vulnerability |
Type: Software |
Bulletins:
MITRE:12387 CVE-2010-3949 |
Severity: High |
| Description: Buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka "TIFF Image Converter Buffer Overflow Vulnerability." | ||||
| Applies to: Microsoft Office 2002 Microsoft Office Converter Pack |
Created: 2011-01-24 |
Updated: 2024-01-17 |
||
| ID: MITRE:11967 |
Title: PICT Image Converter Integer Overflow Vulnerability |
Type: Software |
Bulletins:
MITRE:11967 CVE-2010-3946 |
Severity: High |
| Description: Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability." | ||||
| Applies to: Microsoft Office 2002 Microsoft Office 2003 Microsoft Office Converter Pack |
Created: 2011-01-24 |
Updated: 2024-01-17 |
||
| ID: MITRE:12235 |
Title: Insecure Library Loading Vulnerability |
Type: Software |
Bulletins:
MITRE:12235 CVE-2010-3965 |
Severity: High |
| Description: Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability." | ||||
| Applies to: Windows Media Encoder |
Created: 2011-01-24 |
Updated: 2024-01-17 |
||
| ID: MITRE:12150 |
Title: FlashPix Image Converter Heap Corruption Vulnerability |
Type: Software |
Bulletins:
MITRE:12150 CVE-2010-3952 |
Severity: High |
| Description: The FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted FlashPix image in an Office document, aka "FlashPix Image Converter Heap Corruption Vulnerability." | ||||
| Applies to: Microsoft Office 2002 Microsoft Office Converter Pack Microsoft Works 9 |
Created: 2011-01-24 |
Updated: 2024-01-17 |
||
| ID: MITRE:12350 |
Title: FlashPix Image Converter Buffer Overflow Vulnerability |
Type: Software |
Bulletins:
MITRE:12350 CVE-2010-3951 |
Severity: High |
| Description: Buffer overflow in the FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted FlashPix image in an Office document, aka "FlashPix Image Converter Buffer Overflow Vulnerability." | ||||
| Applies to: Microsoft Office 2002 Microsoft Office Converter Pack Microsoft Works 9 |
Created: 2011-01-24 |
Updated: 2024-01-17 |
||
| ID: MITRE:12249 |
Title: CGM Image Converter Buffer Overrun Vulnerability |
Type: Software |
Bulletins:
MITRE:12249 CVE-2010-3945 |
Severity: High |
| Description: Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability." | ||||
| Applies to: Microsoft Office 2002 Microsoft Office 2003 Microsoft Office Converter Pack |
Created: 2011-01-24 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-0352 |
Title: Buffer overflow in the web-based management interface on the Cisco Linksys WRT54GC router with firmware before 1.06.1 allows remote attackers to cause a denial of service (device crash) via a long string in a POST request. |
Type: Hardware |
Bulletins:
CVE-2011-0352 |
Severity: High |
| Description: Buffer overflow in the web-based management interface on the Cisco Linksys WRT54GC router with firmware before 1.06.1 allows remote attackers to cause a denial of service (device crash) via a long string in a POST request. | ||||
| Applies to: wrt54gc |
Created: 2011-01-24 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-4691 |
Title: Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via multicast traffic, aka Bug IDs CSCtg61810 and CSCtg69742. |
Type: Hardware |
Bulletins:
CVE-2010-4691 SFBID45768 |
Severity: High |
| Description: Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via multicast traffic, aka Bug IDs CSCtg61810 and CSCtg69742. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2011-01-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-4692 |
Title: Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via a large number of LAN-to-LAN (aka L2L) IPsec sessions, aka... |
Type: Hardware |
Bulletins:
CVE-2010-4692 SFBID45768 |
Severity: High |
| Description: Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via a large number of LAN-to-LAN (aka L2L) IPsec sessions, aka Bug ID CSCth36592. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2011-01-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-4676 |
Title: Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote authenticated users to cause a denial of service (device crash) via a high volume of IPsec traffic, aka Bug ID CSCsx52748. |
Type: Hardware |
Bulletins:
CVE-2010-4676 SFBID45767 |
Severity: Medium |
| Description: Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote authenticated users to cause a denial of service (device crash) via a high volume of IPsec traffic, aka Bug ID CSCsx52748. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2011-01-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-4681 |
Title: Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to bypass SMTP inspection via vectors involving a prepended space character, aka Bug ID CSCte14901. |
Type: Hardware |
Bulletins:
CVE-2010-4681 SFBID45767 |
Severity: High |
| Description: Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to bypass SMTP inspection via vectors involving a prepended space character, aka Bug ID CSCte14901. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2011-01-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-4674 |
Title: Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allows remote attackers to cause a denial of service (block exhaustion) via multicast traffic, aka Bug ID CSCtg63992. |
Type: Hardware |
Bulletins:
CVE-2010-4674 SFBID45766 |
Severity: High |
| Description: Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allows remote attackers to cause a denial of service (block exhaustion) via multicast traffic, aka Bug ID CSCtg63992. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2011-01-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-4688 |
Title: Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) by making many SIP calls, aka Bug... |
Type: Hardware |
Bulletins:
CVE-2010-4688 SFBID45768 |
Severity: High |
| Description: Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) by making many SIP calls, aka Bug ID CSCte20030. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2011-01-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-4680 |
Title: The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permits the viewing of CIFS shares even when CIFS file browsing has been disabled, which allows remote authenticated users to... |
Type: Hardware |
Bulletins:
CVE-2010-4680 SFBID45767 |
Severity: High |
| Description: The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permits the viewing of CIFS shares even when CIFS file browsing has been disabled, which allows remote authenticated users to bypass intended access restrictions via CIFS requests, aka Bug ID CSCsz80777. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2011-01-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-4671 |
Title: The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with... |
Type: Hardware |
Bulletins:
CVE-2010-4671 SFBID45760 |
Severity: High |
| Description: The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534. | ||||
| Applies to: |
Created: 2011-01-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-4690 |
Title: The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) does not properly authenticate HTTP requests from a Web Security appliance (WSA), which might allow remote attackers... |
Type: Hardware |
Bulletins:
CVE-2010-4690 SFBID45768 |
Severity: Medium |
| Description: The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) does not properly authenticate HTTP requests from a Web Security appliance (WSA), which might allow remote attackers to obtain sensitive information via a HEAD request, aka Bug ID CSCte53635. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2011-01-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-4687 |
Title: STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls... |
Type: Hardware |
Bulletins:
CVE-2010-4687 SFBID45769 |
Severity: Medium |
| Description: STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls that were controlled by CallManager Express (CME), aka Bug ID CSCtd42552. | ||||
| Applies to: |
Created: 2011-01-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-4682 |
Title: Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (memory consumption) by making multiple incorrect LDAP authentication attempts, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2010-4682 SFBID45767 |
Severity: High |
| Description: Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (memory consumption) by making multiple incorrect LDAP authentication attempts, aka Bug ID CSCtf29867. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2011-01-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2009-5039 |
Title: Memory leak in the gk_circuit_info_do_in_acf function in the H.323 implementation in Cisco IOS before 15.0(1)XA allows remote attackers to cause a denial of service (memory consumption) via a large number of calls over a long duration, as... |
Type: Hardware |
Bulletins:
CVE-2009-5039 |
Severity: Medium |
| Description: Memory leak in the gk_circuit_info_do_in_acf function in the H.323 implementation in Cisco IOS before 15.0(1)XA allows remote attackers to cause a denial of service (memory consumption) via a large number of calls over a long duration, as demonstrated by InterZone Clear Token (IZCT) test traffic, aka Bug ID CSCsz72535. | ||||
| Applies to: |
Created: 2011-01-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-4683 |
Title: Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service (memory consumption) by sending a crafted SIP REGISTER message over UDP, aka Bug ID CSCtg41733. |
Type: Hardware |
Bulletins:
CVE-2010-4683 SFBID45786 |
Severity: High |
| Description: Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service (memory consumption) by sending a crafted SIP REGISTER message over UDP, aka Bug ID CSCtg41733. | ||||
| Applies to: |
Created: 2011-01-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-4677 |
Title: emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (daemon crash) via a request for a document whose name contains space characters, aka Bug ID CSCsy08416. |
Type: Hardware |
Bulletins:
CVE-2010-4677 SFBID45767 |
Severity: Medium |
| Description: emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (daemon crash) via a request for a document whose name contains space characters, aka Bug ID CSCsy08416. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2011-01-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-4684 |
Title: Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, allows remote attackers to cause a denial of service (device crash) via a TFTP copy over IPv6, aka Bug ID CSCtb28877. |
Type: Hardware |
Bulletins:
CVE-2010-4684 SFBID45769 |
Severity: High |
| Description: Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, allows remote attackers to cause a denial of service (device crash) via a TFTP copy over IPv6, aka Bug ID CSCtb28877. | ||||
| Applies to: |
Created: 2011-01-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-4685 |
Title: Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug... |
Type: Hardware |
Bulletins:
CVE-2010-4685 SFBID45769 |
Severity: Medium |
| Description: Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug ID CSCta79031. | ||||
| Applies to: |
Created: 2011-01-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2009-5038 |
Title: Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a certain IRC server,... |
Type: Hardware |
Bulletins:
CVE-2009-5038 SFBID45764 |
Severity: High |
| Description: Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a certain IRC server, related to a "corrupted magic value," aka Bug ID CSCso05336. | ||||
| Applies to: |
Created: 2011-01-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-4670 |
Title: Cisco Adaptive Security Appliances (ASA) IPv6 Stack Neighbor Discovery Router Advertisement Message Saturation Remote DoS |
Type: Hardware |
Bulletins:
CVE-2010-4670 SFBID45760 |
Severity: High |
| Description: The Neighbor Discovery (ND) protocol implementation in the IPv6 stack on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier, and Cisco PIX Security Appliances devices, allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti24526. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance Cisco PIX 500 Firewall Series |
Created: 2011-01-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-4689 |
Title: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) do not properly preserve ACL behavior after a migration, which allows remote attackers to bypass intended access restrictions via an unspecified type of network... |
Type: Hardware |
Bulletins:
CVE-2010-4689 SFBID45768 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) do not properly preserve ACL behavior after a migration, which allows remote attackers to bypass intended access restrictions via an unspecified type of network traffic that had previously been denied, aka Bug ID CSCte46460. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2011-01-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-4678 |
Title: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permit packets to pass before the configuration has been loaded, which might allow remote attackers to bypass intended access restrictions by sending network... |
Type: Hardware |
Bulletins:
CVE-2010-4678 SFBID45767 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permit packets to pass before the configuration has been loaded, which might allow remote attackers to bypass intended access restrictions by sending network traffic during device startup, aka Bug ID CSCsy86769. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2011-01-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-4679 |
Title: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly handle Online Certificate Status Protocol (OCSP) connection failures, which allows remote OCSP responders to cause a denial of service (TCP... |
Type: Hardware |
Bulletins:
CVE-2010-4679 SFBID45767 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly handle Online Certificate Status Protocol (OCSP) connection failures, which allows remote OCSP responders to cause a denial of service (TCP socket exhaustion) by rejecting connection attempts, aka Bug ID CSCsz36816. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2011-01-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-4675 |
Title: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly determine the interfaces for which TELNET connections should be permitted, which allows remote authenticated users to bypass intended access... |
Type: Hardware |
Bulletins:
CVE-2010-4675 SFBID45767 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly determine the interfaces for which TELNET connections should be permitted, which allows remote authenticated users to bypass intended access restrictions via vectors involving the "lowest security level interface," aka Bug ID CSCsv40504. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2011-01-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2009-5037 |
Title: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allow remote attackers to cause a denial of service (ASDM syslog outage) via a long URL, aka Bug IDs CSCsm11264 and CSCtb92911. |
Type: Hardware |
Bulletins:
CVE-2009-5037 |
Severity: Medium |
| Description: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allow remote attackers to cause a denial of service (ASDM syslog outage) via a long URL, aka Bug IDs CSCsm11264 and CSCtb92911. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2011-01-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-4673 |
Title: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allow remote attackers to cause a denial of service via a flood of packets, aka Bug ID CSCtg06316. |
Type: Hardware |
Bulletins:
CVE-2010-4673 SFBID45766 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allow remote attackers to cause a denial of service via a flood of packets, aka Bug ID CSCtg06316. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2011-01-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-4672 |
Title: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier allow remote attackers to cause a denial of service (block exhaustion) via EIGRP traffic that triggers an EIGRP multicast storm, aka Bug ID CSCtf20269. |
Type: Hardware |
Bulletins:
CVE-2010-4672 SFBID45767 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier allow remote attackers to cause a denial of service (block exhaustion) via EIGRP traffic that triggers an EIGRP multicast storm, aka Bug ID CSCtf20269. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2011-01-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-4686 |
Title: CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a "peculiar" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending... |
Type: Hardware |
Bulletins:
CVE-2010-4686 SFBID45769 |
Severity: High |
| Description: CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a "peculiar" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending this traffic over a long duration, aka Bug ID CSCtb47950. | ||||
| Applies to: |
Created: 2011-01-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2009-5040 |
Title: CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555. |
Type: Hardware |
Bulletins:
CVE-2009-5040 SFBID45765 |
Severity: Medium |
| Description: CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555. | ||||
| Applies to: |
Created: 2011-01-07 |
Updated: 2024-01-17 |
||
