Vulnerabilities > Cisco > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2007-08-09 | CVE-2007-4286 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Cisco IOS | Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (restart) and execute arbitrary code via a crafted NHRP packet. | 9.3 |
2007-08-09 | CVE-2007-4285 | Denial-Of-Service vulnerability in IOS | Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to obtain sensitive information (partial packet contents) or cause a denial of service (router or component crash) via crafted IPv6 packets with a Type 0 routing header. | 9.0 |
2007-08-08 | CVE-2007-4241 | Remote Buffer Overflow vulnerability in HP HP-UX 11.11i | Buffer overflow in ldcconn in Hewlett-Packard (HP) Controller for Cisco Local Director on HP-UX 11.11i allows remote attackers to execute arbitrary code via a long string to TCP port 17781. | 10.0 |
2007-07-15 | CVE-2006-5278 | Heap Buffer Overflow vulnerability in Cisco products | Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow. | 10.0 |
2007-07-15 | CVE-2006-5277 | Heap Buffer Overflow vulnerability in Cisco products | Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow. | 9.3 |
2007-04-26 | CVE-2007-2282 | Remote Default Account vulnerability in Cisco NetFlow Collection Engine | Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and, when installed on Linux, obtain login access to the host operating system. | 10.0 |
2007-04-16 | CVE-2007-2036 | Remote vulnerability in Cisco Wireless LAN Controller Software 4.1 | The SNMP implementation in the Cisco Wireless LAN Controller (WLC) before 20070419 uses the default read-only community public, and the default read-write community private, which allows remote attackers to read and modify SNMP variables, aka Bug ID CSCse02384. | 10.0 |
2007-04-16 | CVE-2007-2034 | Multiple vulnerability in Cisco Wireless Control System | Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.87.0 allows remote authenticated users to gain the privileges of the SuperUsers group, and manage the application and its networks, related to the group membership of user accounts, aka Bug ID CSCsg05190. | 9.0 |
2007-03-03 | CVE-2007-1257 | Improper Input Validation vulnerability in Cisco products | The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address. | 10.0 |
2007-02-22 | CVE-2007-1063 | Use of Hard-Coded Credentials vulnerability in Cisco products | The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device. | 10.0 |