| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
32251 |
CVE-2016-1434 |
22 |
|
Dir. Trav. |
2016-06-22 |
2016-11-29 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010. |
|
32252 |
CVE-2016-1433 |
399 |
|
DoS |
2016-09-18 |
2017-07-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Cisco IOS XR 6.0 and 6.0.1 on NCS 6000 devices allows remote attackers to cause a denial of service (OSPFv3 process reload) via crafted OSPFv3 packets, aka Bug ID CSCuz66289. |
|
32253 |
CVE-2016-1432 |
399 |
|
DoS |
2016-06-17 |
2016-06-20 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
|
Cisco IOS XE 3.15S and 3.16S on cBR-8 Converged Broadband Router devices allows remote authenticated users to cause a denial of service (NULL pointer dereference and card restart) via a crafted SNMP request, aka Bug ID CSCuu68862. |
|
32254 |
CVE-2016-1431 |
79 |
|
XSS |
2016-06-17 |
2016-06-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur25516. |
|
32255 |
CVE-2016-1428 |
399 |
|
DoS |
2016-06-22 |
2016-11-29 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
|
Double free vulnerability in Cisco IOS XE 3.15S, 3.16S, and 3.17S allows remote authenticated users to cause a denial of service (device restart) via a sequence of crafted SNMP read requests, aka Bug ID CSCux13174. |
|
32256 |
CVE-2016-1427 |
287 |
|
+Info |
2016-06-17 |
2016-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694. |
|
32257 |
CVE-2016-1425 |
119 |
|
DoS Overflow |
2016-07-03 |
2017-08-31 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
Cisco IOS 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, and 15.4(1.13)S allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun66735. |
|
32258 |
CVE-2016-1424 |
119 |
|
DoS Overflow |
2016-06-18 |
2016-06-20 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun63132. |
|
32259 |
CVE-2016-1423 |
79 |
|
XSS |
2016-10-28 |
2017-07-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could be used to facilitate a cross-site scripting (XSS) or HTML injection attack. More Information: CSCuz02235. Known Affected Releases: 8.0.2-069. Known Fixed Releases: 9.1.1-038 9.7.2-047. |
|
32260 |
CVE-2016-1421 |
119 |
|
DoS Overflow |
2016-06-09 |
2016-06-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The web application on Cisco IP 8800 devices allows remote attackers to cause a denial of service (out-of-bounds memory access and web-server outage) via a crafted request, aka Bug ID CSCuz03034. |
|
32261 |
CVE-2016-1419 |
20 |
|
DoS |
2016-06-09 |
2017-08-15 |
6.8 |
None |
Local Network |
Low |
Not required |
None |
Partial |
Complete |
|
Cisco Access Point devices with software 8.2(102.43) allow remote attackers to cause a denial of service (device reload) via crafted ARP packets, aka Bug ID CSCuy55803. |
|
32262 |
CVE-2016-1417 |
426 |
|
Exec Code |
2017-01-23 |
2018-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same folder on a remote file share as a pcap file that is being processed. |
|
32263 |
CVE-2016-1415 |
399 |
|
DoS |
2016-09-03 |
2017-09-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455. |
|
32264 |
CVE-2016-1413 |
94 |
|
|
2016-05-27 |
2016-05-31 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517. |
|
32265 |
CVE-2016-1411 |
310 |
|
|
2016-12-13 |
2016-12-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information: CSCul88715, CSCul94617, CSCul94627. Known Affected Releases: 7.5.2-201 7.6.3-025 8.0.1-023 8.5.0-000 8.5.0-ER1-198 7.5.2-HP2-303 7.7.0-608 7.7.5-835 8.5.1-021 8.8.0-000 7.9.1-102 8.0.0-404 8.1.1-013 8.2.0-222. Known Fixed Releases: 8.0.2-069 8.0.2-074 8.5.7-042 9.1.0-032 8.5.2-027 9.6.1-019. |
|
32266 |
CVE-2016-1410 |
200 |
|
+Info |
2016-05-27 |
2016-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312. |
|
32267 |
CVE-2016-1409 |
20 |
|
DoS |
2016-05-29 |
2017-08-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016. |
|
32268 |
CVE-2016-1408 |
20 |
|
Exec Code |
2016-07-02 |
2019-07-29 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488. |
|
32269 |
CVE-2016-1407 |
20 |
|
DoS |
2016-05-24 |
2016-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services (LPTS) flow-base entries, which allows remote attackers to cause a denial of service (session drop) by making many connection attempts to open TCP ports, aka Bug ID CSCux95576. |
|
32270 |
CVE-2016-1406 |
284 |
|
+Priv Bypass +Info |
2016-05-24 |
2019-07-29 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409. |
|
32271 |
CVE-2016-1405 |
119 |
|
DoS Overflow |
2016-06-08 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503. |
|
32272 |
CVE-2016-1404 |
200 |
|
+Info |
2016-05-29 |
2016-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic to an Autosupport server and leveraging knowledge of this key from another installation, aka Bug ID CSCur85504. |
|
32273 |
CVE-2016-1402 |
119 |
|
DoS Overflow |
2016-05-20 |
2016-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815. |
|
32274 |
CVE-2016-1401 |
79 |
|
XSS |
2016-05-20 |
2016-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250. |
|
32275 |
CVE-2016-1400 |
20 |
|
DoS |
2016-05-24 |
2016-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7.2 allows remote attackers to cause a denial of service (service disruption) via a crafted URI in a SIP header, aka Bug ID CSCuy43258. |
|
32276 |
CVE-2016-1399 |
399 |
|
DoS |
2016-05-13 |
2016-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2, and 15.2(4)EA on Industrial Ethernet 4000 devices and 15.2(2)EB and 15.2(2)EB1 on Industrial Ethernet 5000 devices allows remote attackers to cause a denial of service (packet data corruption) via crafted IPv4 ICMP packets, aka Bug ID CSCuy13431. |
|
32277 |
CVE-2016-1398 |
119 |
|
DoS Overflow |
2016-07-03 |
2017-08-31 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
|
Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware through 1.2.1.4, RV130W devices with firmware through 1.0.2.7, and RV215W devices with firmware through 1.3.0.7 allows remote authenticated users to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCux86669. |
|
32278 |
CVE-2016-1397 |
119 |
|
DoS Overflow |
2016-06-18 |
2017-08-31 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
|
Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523. |
|
32279 |
CVE-2016-1396 |
79 |
|
XSS |
2016-06-18 |
2016-11-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583. |
|
32280 |
CVE-2016-1393 |
89 |
|
Exec Code Sql |
2016-05-11 |
2016-11-28 |
6.5 |
User |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175. |
|
32281 |
CVE-2016-1392 |
|
|
|
2016-05-05 |
2016-11-30 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuu34121. |
|
32282 |
CVE-2016-1391 |
20 |
|
Exec Code |
2016-06-03 |
2017-08-08 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) allow remote authenticated users to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21889. |
|
32283 |
CVE-2016-1389 |
|
|
|
2016-04-28 |
2016-12-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuy44695. |
|
32284 |
CVE-2016-1386 |
264 |
|
|
2016-04-28 |
2016-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521. |
|
32285 |
CVE-2016-1385 |
119 |
|
DoS Overflow |
2016-05-26 |
2016-11-30 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
|
The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9.5.2 allows remote authenticated users to cause a denial of service (instability, memory consumption, or device reload) by leveraging (1) administrative access or (2) Clientless SSL VPN access to provide a crafted XML document, aka Bug ID CSCut14209. |
|
32286 |
CVE-2016-1384 |
264 |
|
|
2016-04-20 |
2016-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 through 3.17 allows remote attackers to modify the system time via crafted packets, aka Bug ID CSCux46898. |
|
32287 |
CVE-2016-1379 |
399 |
|
DoS |
2016-05-27 |
2016-05-31 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
|
Cisco Adaptive Security Appliance (ASA) Software 9.0 through 9.5.1 mishandles IPsec error processing, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted (1) LAN-to-LAN or (2) Remote Access VPN tunnel packets, aka Bug ID CSCuv70576. |
|
32288 |
CVE-2016-1378 |
200 |
|
+Info |
2016-04-13 |
2016-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP) port, aka Bug ID CSCum62591. |
|
32289 |
CVE-2016-1377 |
79 |
|
XSS |
2016-04-12 |
2016-12-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776. |
|
32290 |
CVE-2016-1376 |
20 |
|
DoS |
2016-04-12 |
2016-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (CRC and symbol errors, and interface flap) via crafted bit patterns in packets, aka Bug ID CSCuv78548. |
|
32291 |
CVE-2016-1375 |
79 |
|
XSS |
2016-04-08 |
2016-04-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability and Collaboration System 4.10(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy12339. |
|
32292 |
CVE-2016-1373 |
|
|
|
2016-05-05 |
2016-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623. |
|
32293 |
CVE-2016-1372 |
284 |
|
DoS |
2016-10-03 |
2016-10-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file. |
|
32294 |
CVE-2016-1371 |
284 |
|
DoS |
2016-10-03 |
2016-10-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable. |
|
32295 |
CVE-2016-1370 |
20 |
|
DoS |
2016-06-02 |
2017-09-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Cisco Prime Network Analysis Module (NAM) before 6.2(1-b) miscalculates IPv6 payload lengths, which allows remote attackers to cause a denial of service (mond process crash and monitoring outage) via crafted IPv6 packets, aka Bug ID CSCuy37324. |
|
32296 |
CVE-2016-1366 |
264 |
|
DoS |
2016-03-24 |
2016-12-02 |
6.8 |
None |
Remote |
Low |
Single system |
None |
Complete |
None |
|
The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial of service (overwrite) via unspecified vectors, aka Bug ID CSCuw75848. |
|
32297 |
CVE-2016-1361 |
399 |
|
DoS |
2016-03-11 |
2016-12-02 |
4.6 |
None |
Local Network |
High |
Not required |
None |
None |
Complete |
|
Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for a Bidirectional Forwarding Detection (BFD) header in a UDP packet, which allows remote attackers to cause a denial of service (line-card restart) via a crafted packet, aka Bug ID CSCuw56900. |
|
32298 |
CVE-2016-1360 |
200 |
|
+Info |
2016-03-11 |
2016-12-02 |
3.0 |
None |
Local |
Medium |
Single system |
Partial |
Partial |
None |
|
Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers' installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390. |
|
32299 |
CVE-2016-1359 |
20 |
|
Exec Code |
2016-03-03 |
2019-07-29 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Cisco Prime Infrastructure 3.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP request that is mishandled during viewing of a log file, aka Bug ID CSCuw81494. |
|
32300 |
CVE-2016-1358 |
119 |
|
DoS Overflow |
2016-03-03 |
2019-07-29 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
None |
Partial |
|
Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuw81497. |
