Vulnerabilities > Cisco > IOS > 12.4.2.mr1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-01-07 | CVE-2010-4683 | Missing Release of Resource After Effective Lifetime vulnerability in Cisco IOS Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service (memory consumption) by sending a crafted SIP REGISTER message over UDP, aka Bug ID CSCtg41733. | 7.8 |
| 2011-01-07 | CVE-2009-5040 | Resource Management Errors vulnerability in Cisco IOS CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555. | 6.8 |
| 2011-01-07 | CVE-2009-5039 | Missing Release of Resource After Effective Lifetime vulnerability in Cisco IOS Memory leak in the gk_circuit_info_do_in_acf function in the H.323 implementation in Cisco IOS before 15.0(1)XA allows remote attackers to cause a denial of service (memory consumption) via a large number of calls over a long duration, as demonstrated by InterZone Clear Token (IZCT) test traffic, aka Bug ID CSCsz72535. | 5.0 |
| 2011-01-07 | CVE-2009-5038 | Improper Input Validation vulnerability in Cisco IOS Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a certain IRC server, related to a "corrupted magic value," aka Bug ID CSCso05336. | 7.8 |
| 2011-01-07 | CVE-2010-4671 | Resource Exhaustion vulnerability in Cisco IOS The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534. | 7.8 |
| 2009-03-27 | CVE-2009-0637 | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite arbitrary files via an SCP command. | 7.1 |
| 2009-03-27 | CVE-2009-0629 | Unspecified vulnerability in Cisco IOS The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging (RSRB), (7) Point to Point Tunneling Protocol (PPTP), (8) X.25 for Record Boundary Preservation (RBP), (9) X.25 over TCP (XOT), and (10) X.25 Routing features in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (device reload) via a series of crafted TCP packets. | 5.4 |
| 2007-10-12 | CVE-2007-5381 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco IOS before 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6 allow remote attackers to execute arbitrary code by setting a long hostname on the target system, then causing an error message to be printed, as demonstrated by a telnet session to the LPD from a source port other than 515. | 9.3 |
| 2007-05-10 | CVE-2007-2587 | Multiple vulnerability in Cisco IOS FTP Server The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote authenticated users to cause a denial of service (IOS reload) via unspecified vectors involving transferring files (aka bug ID CSCse29244). network cisco | 6.3 |
| 2007-02-01 | CVE-2007-0648 | Remote Denial Of Service vulnerability in Cisco IOS SIP Packet Handling Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP. | 7.8 |