Vulnerabilities > Cisco > IOS XR > 6.1.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-17 | CVE-2019-1686 | Unspecified vulnerability in Cisco IOS XR A vulnerability in the TCP flags inspection feature for access control lists (ACLs) on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. | 8.6 |
| 2019-02-21 | CVE-2019-1681 | Path Traversal vulnerability in Cisco IOS XR A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device, possibly resulting in information disclosure. | 7.5 |
| 2018-10-05 | CVE-2018-15428 | Improper Input Validation vulnerability in Cisco IOS XR A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 6.8 |
| 2018-08-15 | CVE-2018-0418 | Improper Input Validation vulnerability in Cisco IOS XR A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 8.6 |
| 2017-06-13 | CVE-2017-6666 | Unspecified vulnerability in Cisco IOS XR A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an authenticated, local attacker to cause the router to stop forwarding data traffic across Traffic Engineering (TE) tunnels, resulting in a denial of service (DoS) condition. | 6.0 |
| 2017-05-16 | CVE-2017-3876 | Unspecified vulnerability in Cisco IOS XR 6.1.0/6.1.1 A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. | 7.5 |
| 2017-04-07 | CVE-2017-6599 | Missing Release of Resource after Effective Lifetime vulnerability in Cisco IOS XR 6.1.1/6.2.1 A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash due to a system memory leak, resulting in a denial of service (DoS) condition. | 5.3 |
| 2016-12-14 | CVE-2016-9215 | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XR 6.1.1 A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the root user. | 7.8 |
| 2016-12-14 | CVE-2016-9205 | Resource Management Errors vulnerability in Cisco IOS XR 6.1.1 A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition. | 7.5 |
| 2016-10-06 | CVE-2016-6428 | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XR 6.1.1 Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands as root by leveraging admin privileges, aka Bug ID CSCva38349. | 7.8 |