Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-05-14 | CVE-2010-1561 | Improper Input Validation vulnerability in Cisco PGW 2200 Softswitch The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S11 and 9.7(3)P before 9.7(3)P11 allows remote attackers to cause a denial of service (device crash) via a long message, aka Bug ID CSCsk44115. | 7.8 |
| 2010-05-14 | CVE-2010-0604 | Denial of Service vulnerability in Cisco PGW 2200 Softswitch 9.7(3)S/9.7(3)S9 Unspecified vulnerability in the SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S10 allows remote attackers to cause a denial of service (device crash) via unknown SIP traffic, as demonstrated by "SIP testing," aka Bug ID CSCsk38165. | 7.8 |
| 2010-05-14 | CVE-2010-0603 | Improper Input Validation vulnerability in Cisco PGW 2200 Softswitch 9.7(3)S/9.7(3)S9 The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S10 allows remote attackers to cause a denial of service (device crash) via a malformed session attribute, aka Bug ID CSCsk40030. | 7.8 |
| 2010-05-14 | CVE-2010-0602 | Improper Input Validation vulnerability in Cisco PGW 2200 Softswitch 9.7(3)S/9.7(3)S9 The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug ID CSCsk32606. | 7.8 |
| 2010-05-14 | CVE-2010-0601 | Improper Input Validation vulnerability in Cisco PGW 2200 Softswitch 9.7(3)S/9.7(3)S9 The MGCP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug ID CSCsl39126. | 7.8 |
| 2010-05-04 | CVE-2010-0594 | Cross-Site Scripting vulnerability in Cisco Router and Security Device Manager 2.5 Cross-site scripting (XSS) vulnerability in Cisco Router and Security Device Manager (SDM) allows remote attackers to inject arbitrary web script or HTML via unknown vectors, aka Bug ID CSCtb38467. | 4.3 |
| 2010-04-22 | CVE-2010-0593 | Permissions, Privileges, and Access Controls vulnerability in Cisco products The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, PVC2300 Business Internet Video Camera before 1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera before 1.1.1.15, WVC210 Wireless-G PTZ Internet Video Camera before 1.1.1.15, and WVC2300 Wireless-G Business Internet Video Camera before 1.1.2.6 do not properly restrict read access to passwords, which allows context-dependent attackers to obtain sensitive information, related to (1) access by remote authenticated users to a PVC2300 or WVC2300 via a crafted URL, (2) leveraging setup privileges on a WVC200 or WVC210, and (3) leveraging administrative privileges on an RVS4000, aka Bug ID CSCte64726. | 9.0 |
| 2010-04-15 | CVE-2010-0589 | Improper Input Validation vulnerability in Cisco Secure Desktop The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3.5.841 does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execution of arbitrary files via a crafted web page, aka Bug ID CSCta25876. | 9.3 |
| 2010-03-29 | CVE-2010-1174 | Improper Input Validation vulnerability in Cisco Tftp Server 1.1 Cisco TFTP Server 1.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted (1) read (aka RRQ) or (2) write (aka WRQ) request, or other TFTP packet. | 5.0 |
| 2010-03-25 | CVE-2010-0586 | Unspecified vulnerability in Cisco IOS Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz49741, the "SCCP Request Handling Denial of Service Vulnerability." | 7.8 |