Vulnerabilities > Cisco > IOS XR > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-19 | CVE-2018-0241 | Unspecified vulnerability in Cisco IOS XR A vulnerability in the UDP broadcast forwarding function of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. low complexity cisco | 6.1 |
| 2017-11-30 | CVE-2017-12355 | Improper Input Validation vulnerability in Cisco IOS XR 6.4.1Base A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service (DoS) condition. | 5.0 |
| 2017-10-05 | CVE-2017-12270 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS XR A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the emsd service stops. | 5.0 |
| 2017-07-10 | CVE-2017-6731 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS XR 4.3.2.Mcast/6.0.2.Base A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the MSDP session to be unexpectedly reset, causing a short denial of service (DoS) condition. | 5.0 |
| 2017-07-10 | CVE-2017-6728 | Improper Privilege Management vulnerability in Cisco IOS XR A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary code at the root privilege level on an affected system, because of Incorrect Permissions. | 6.9 |
| 2017-04-07 | CVE-2017-6599 | Missing Release of Resource after Effective Lifetime vulnerability in Cisco IOS XR 6.1.1/6.2.1 A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash due to a system memory leak, resulting in a denial of service (DoS) condition. | 5.0 |
| 2016-12-14 | CVE-2016-9205 | Resource Management Errors vulnerability in Cisco IOS XR 6.1.1 A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition. | 5.0 |
| 2016-10-05 | CVE-2016-6421 | Resource Management Errors vulnerability in Cisco IOS XR 5.2.2 Cisco IOS XR 5.2.2 allows remote attackers to cause a denial of service (process restart) via a crafted OSPF Link State Advertisement (LSA) update, aka Bug ID CSCvb05643. | 5.0 |
| 2016-09-19 | CVE-2016-6415 | Information Exposure vulnerability in Cisco IOS XE The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN. | 5.0 |
| 2016-09-18 | CVE-2016-1433 | Resource Management Errors vulnerability in Cisco IOS XR 6.0.0/6.0.1/6.0Base Cisco IOS XR 6.0 and 6.0.1 on NCS 6000 devices allows remote attackers to cause a denial of service (OSPFv3 process reload) via crafted OSPFv3 packets, aka Bug ID CSCuz66289. | 5.0 |