Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-07-12 | CVE-2005-2241 | Remote Denial Of Service vulnerability in Cisco CallManager RISDC Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows remote attackers to cause a denial of service (memory and connection consumption) in RisDC.exe. | 5.0 |
| 2005-07-11 | CVE-2005-2181 | Improper Verification of Cryptographic Signature vulnerability in Cisco IP Phone 7940 Firmware and IP Phone 7960 Firmware Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message. | 7.5 |
| 2005-07-05 | CVE-2005-2105 | Security Bypass vulnerability in IOS Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username. | 7.5 |
| 2005-06-20 | CVE-2005-2025 | Unspecified vulnerability in Cisco products Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname. | 5.0 |
| 2005-06-10 | CVE-2005-1942 | Security Bypass vulnerability in Catalyst Cisco switches that support 802.1x security allow remote attackers to bypass port security and gain access to the VLAN via spoofed Cisco Discovery Protocol (CDP) messages. | 7.5 |
| 2005-05-31 | CVE-2005-0356 | Remote Denial Of Service vulnerability in Multiple Vendor TCP Timestamp PAWS Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. | 5.0 |
| 2005-05-11 | CVE-2005-1517 | Remote Security vulnerability in FWSM for Cisco Catalyst 6500/7600 Series Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 and earlier, when using URL, FTP, or HTTPS filtering exceptions, allows certain TCP packets to bypass access control lists (ACLs). | 7.5 |
| 2005-05-02 | CVE-2005-1058 | Unspecified vulnerability in Cisco IOS 12.2T/12.3/12.3T Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass XAUTH and move to Phase 2 negotiations. | 7.5 |
| 2005-05-02 | CVE-2005-1057 | Unspecified vulnerability in Cisco IOS 12.2T/12.3/12.3T Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH version 6 authentication, allows remote attackers to bypass authentication via a "malformed packet." | 7.5 |
| 2005-05-02 | CVE-2005-1021 | Resource Management Errors vulnerability in Cisco IOS Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password. | 7.1 |