Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-06-29 | CVE-2009-4915 | Unspecified vulnerability in Cisco ASA 5580 Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via unknown network traffic, as demonstrated by a "connection stress test," aka Bug ID CSCsq68451. | 7.8 |
2010-06-29 | CVE-2009-4914 | Resource Management Errors vulnerability in Cisco ASA 5580 Memory leak on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via Subject Alternative Name fields in an X.509 certificate, aka Bug ID CSCsq17879. | 7.8 |
2010-06-29 | CVE-2009-4913 | Permissions, Privileges, and Access Controls vulnerability in Cisco ASA 5580 The IPv6 implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) exposes IP services on the "far side of the box," which might allow remote attackers to bypass intended access restrictions via IPv6 packets, aka Bug ID CSCso58622. | 5.0 |
2010-06-29 | CVE-2009-4912 | Permissions, Privileges, and Access Controls vulnerability in Cisco ASA 5580 Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876. | 10.0 |
2010-06-29 | CVE-2009-4911 | Unspecified vulnerability in Cisco ASA 5580 8.1(1) Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device crash) via vectors involving SSL VPN and PPPoE transactions, aka Bug ID CSCsm77958. | 7.8 |
2010-06-29 | CVE-2009-4910 | Cross-Site Scripting vulnerability in Cisco ASA 5580 Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCsq78418. | 4.3 |
2010-06-29 | CVE-2008-7257 | Improper Input Validation vulnerability in Cisco ASA 5580 8.1(1) CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCsr09163. | 4.3 |
2010-06-28 | CVE-2010-2506 | Cross-Site Scripting vulnerability in Cisco Linksys Firmware and Linksys Wap54G Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter. | 2.9 |
2010-06-10 | CVE-2010-1572 | Remote Privilege Escalation vulnerability in Cisco Application Extension Framework 1.1/1.1.5 Unspecified vulnerability in the tech support diagnostic shell in Cisco Application Extension Platform (AXP) 1.1 and 1.1.5 allows local users to obtain sensitive configuration information and gain administrator privileges via unspecified API calls. | 9.0 |
2010-06-10 | CVE-2010-1571 | Path Traversal vulnerability in Cisco products Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), unspecified 6.0 versions, and 5.0 before 5.0(2)SR3 allows remote attackers to read arbitrary files via a crafted bootstrap message to TCP port 6295. | 7.8 |