Vulnerabilities > Cisco > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-05-18 CVE-2023-20156 Classic Buffer Overflow vulnerability in Cisco products
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device.
network
low complexity
cisco CWE-120
critical
9.8
2023-05-04 CVE-2023-20126 Missing Authentication for Critical Function vulnerability in Cisco Spa112 Firmware 1.4.1
A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.
network
low complexity
cisco CWE-306
critical
9.8
2023-04-05 CVE-2023-20073 Unrestricted Upload of File with Dangerous Type vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device.
network
low complexity
cisco CWE-434
critical
9.8
2023-03-03 CVE-2023-20078 Out-of-bounds Write vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition.
network
low complexity
cisco CWE-787
critical
9.8
2023-03-01 CVE-2023-20032 Out-of-bounds Write vulnerability in multiple products
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write.
network
low complexity
cisco clamav stormshield CWE-787
critical
9.8
2023-01-20 CVE-2023-20025 Improper Input Validation vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to bypass authentication on the affected device. This vulnerability is due to incorrect user input validation of incoming HTTP packets.
network
low complexity
cisco CWE-20
critical
9.8
2023-01-02 CVE-2015-10011 Improper Encoding or Escaping of Output vulnerability in Cisco Openresolve
A vulnerability classified as problematic has been found in OpenDNS OpenResolve.
network
low complexity
cisco CWE-116
critical
9.8
2022-09-08 CVE-2022-20923 Improper Authentication vulnerability in Cisco products
A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to bypass authentication controls and access the IPSec VPN network.
network
low complexity
cisco CWE-287
critical
9.8
2022-08-10 CVE-2022-20842 Improper Input Validation vulnerability in Cisco products
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-20
critical
9.8
2022-08-10 CVE-2022-20827 OS Command Injection vulnerability in Cisco products
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-78
critical
10.0