← Back

Cisco

cisco

6,592 CVEs • 6,223 products

Products (6,223)

Click to collapse
Toggle
Ios
ios
Ios Xe
ios_xe
Nx Os
nx_os
Ios Xr
ios_xr
Asyncos
asyncos
Asa 5500
asa_5500
Jabber
jabber

CVEs (6,592)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Cisco
1Webex
Apr 29, 2026
May 27, 2013
N/A· v4
N/A· v3
5.8 MEDIUM· v2
Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof...Show more
Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, aka Bug ID CSCud94176.Show less
1Cisco
1Ios Xr
Apr 29, 2026
May 23, 2013
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Memory leak in the SNMP process in Cisco IOS XR allows remote attackers to cause a denial of service (memory consumption or process reload) by sending many port-162 UDP packets, aka Bug ID CSCug80345.
1Cisco
1Webex Social
Apr 29, 2026
May 16, 2013
N/A· v4
N/A· v3
4.0 MEDIUM· v2
The user-management page in Cisco WebEx Social relies on client-side validation of values in the Screen Name, First Name, Middle Name, Last Name, Email Address, and Job Title fields, which allows remote authenticated use...Show more
The user-management page in Cisco WebEx Social relies on client-side validation of values in the Screen Name, First Name, Middle Name, Last Name, Email Address, and Job Title fields, which allows remote authenticated users to bypass intended access restrictions via crafted requests, aka Bug ID CSCue67190.Show less
1Cisco
1Webex Social
Apr 29, 2026
May 16, 2013
N/A· v4
N/A· v3
3.5 LOW· v2
Cross-site scripting (XSS) vulnerability in the portal module in Cisco WebEx Social allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL in the link field in a post, aka Bug ID C...Show more
Cross-site scripting (XSS) vulnerability in the portal module in Cisco WebEx Social allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL in the link field in a post, aka Bug ID CSCue67199.Show less
1Cisco
2Telepresence Supervisor Mse 8050
Telepresence Supervisor Mse 8050 Software
Apr 29, 2026
May 16, 2013
N/A· v4
N/A· v3
7.8 HIGH· v2
Cisco TelePresence Supervisor MSE 8050 before 2.3(1.31) allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing TCP connections at a high rate, aka Bug IDs CSCuf76076 and C...Show more
Cisco TelePresence Supervisor MSE 8050 before 2.3(1.31) allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing TCP connections at a high rate, aka Bug IDs CSCuf76076 and CSCuf79763.Show less
1Cisco
1Secure Access Control System
Apr 29, 2026
May 16, 2013
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Session fixation vulnerability in Cisco Secure Access Control System (ACS) allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787.
1Cisco
1Unified Communications Manager
Apr 29, 2026
May 16, 2013
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug...Show more
Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515.Show less
1Cisco
1Ios
Apr 29, 2026
May 13, 2013
N/A· v4
N/A· v3
4.6 MEDIUM· v2
The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating mul...Show more
The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and then examining encryption statistics, aka Bug ID CSCuc52193.Show less
1Cisco
1Unified Presence Server
Apr 29, 2026
May 10, 2013
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID CSCug38080.
1Cisco
1Unified Customer Voice Portal
Apr 29, 2026
May 9, 2013
N/A· v4
N/A· v3
7.8 HIGH· v2
Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager (1) HTTP or (2) HTTPS request containing an external entity declaration in conj...Show more
Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager (1) HTTP or (2) HTTPS request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCub38366.Show less
1Cisco
1Unified Customer Voice Portal
Apr 29, 2026
May 9, 2013
N/A· v4
N/A· v3
7.8 HIGH· v2
Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted (1) HTTP or (2) HTTPS...Show more
Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted (1) HTTP or (2) HTTPS request that triggers incorrect parameter validation, aka Bug ID CSCub38369.Show less
1Cisco
1Unified Customer Voice Portal
Apr 29, 2026
May 9, 2013
N/A· v4
N/A· v3
7.8 HIGH· v2
The log viewer in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly validate an unspecified parameter, which allows remote attackers to read arbitrary files via a crafted (1) HTTP or...Show more
The log viewer in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly validate an unspecified parameter, which allows remote attackers to read arbitrary files via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38372.Show less
1Cisco
1Unified Customer Voice Portal
Apr 29, 2026
May 9, 2013
N/A· v4
N/A· v3
7.8 HIGH· v2
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbitrary custom web appli...Show more
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbitrary custom web applications via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38379.Show less
1Cisco
1Unified Customer Voice Portal
Apr 29, 2026
May 9, 2013
N/A· v4
N/A· v3
10.0 HIGH· v2
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a craf...Show more
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384.Show less
1Cisco
1Unified Customer Voice Portal
Apr 29, 2026
May 9, 2013
N/A· v4
N/A· v3
7.8 HIGH· v2
The CallServer component in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to cause a denial of service (call-acceptance outage) via malformed SIP INVITE messages, aka Bug I...Show more
The CallServer component in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to cause a denial of service (call-acceptance outage) via malformed SIP INVITE messages, aka Bug ID CSCua65148.Show less
1Cisco
271921 Integrated Services Router
1941 Integrated Services Router1941w Integrated Services Router+24 more
Apr 29, 2026
May 8, 2013
N/A· v4
N/A· v3
6.3 MEDIUM· v2
The ISM module in Cisco IOS on ISR G2 routers does not properly handle authentication-header packets, which allows remote authenticated users to cause a denial of service (module reload) via a series of malformed packets...Show more
The ISM module in Cisco IOS on ISR G2 routers does not properly handle authentication-header packets, which allows remote authenticated users to cause a denial of service (module reload) via a series of malformed packets, aka Bug ID CSCub92025.Show less
1Cisco
1Unified Communications Manager
Apr 29, 2026
May 4, 2013
N/A· v4
N/A· v3
4.6 MEDIUM· v2
The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770.
1Cisco
162000 Wireless Lan Controller
2100 Wireless Lan Controller2106 Wireless Lan Controller+13 more
Apr 29, 2026
May 4, 2013
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET...Show more
Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly ending these connections, aka Bug ID CSCug35507.Show less
1Cisco
3Webex Meetings Server
Webex Node For Asr 1000 SeriesWebex Node For Mcs
Apr 29, 2026
May 4, 2013
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The HTTP implementation in Cisco WebEx Node for MCS, WebEx Meetings Server, and WebEx Node for ASR 1000 Series allows remote attackers to read the contents of uninitialized memory locations via a crafted request, aka Bug...Show more
The HTTP implementation in Cisco WebEx Node for MCS, WebEx Meetings Server, and WebEx Node for ASR 1000 Series allows remote attackers to read the contents of uninitialized memory locations via a crafted request, aka Bug IDs CSCue36672, CSCue31363, CSCuf17466, and CSCug61252.Show less
1Cisco
1Ios Xr
Apr 29, 2026
May 3, 2013
N/A· v4
N/A· v3
4.0 MEDIUM· v2
The SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (process restart) via crafted SNMP packets, aka Bug ID CSCue69472.