# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
40251 |
CVE-2016-1415 |
399 |
|
DoS |
2016-09-03 |
2017-09-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455. |
40252 |
CVE-2016-1413 |
94 |
|
|
2016-05-27 |
2016-05-31 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517. |
40253 |
CVE-2016-1411 |
310 |
|
|
2016-12-13 |
2016-12-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information: CSCul88715, CSCul94617, CSCul94627. Known Affected Releases: 7.5.2-201 7.6.3-025 8.0.1-023 8.5.0-000 8.5.0-ER1-198 7.5.2-HP2-303 7.7.0-608 7.7.5-835 8.5.1-021 8.8.0-000 7.9.1-102 8.0.0-404 8.1.1-013 8.2.0-222. Known Fixed Releases: 8.0.2-069 8.0.2-074 8.5.7-042 9.1.0-032 8.5.2-027 9.6.1-019. |
40254 |
CVE-2016-1410 |
200 |
|
+Info |
2016-05-27 |
2016-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312. |
40255 |
CVE-2016-1409 |
20 |
|
DoS |
2016-05-29 |
2017-08-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016. |
40256 |
CVE-2016-1408 |
20 |
|
Exec Code |
2016-07-02 |
2019-07-29 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488. |
40257 |
CVE-2016-1407 |
20 |
|
DoS |
2016-05-24 |
2016-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services (LPTS) flow-base entries, which allows remote attackers to cause a denial of service (session drop) by making many connection attempts to open TCP ports, aka Bug ID CSCux95576. |
40258 |
CVE-2016-1406 |
284 |
|
+Priv Bypass +Info |
2016-05-24 |
2019-07-29 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409. |
40259 |
CVE-2016-1405 |
119 |
|
DoS Overflow |
2016-06-08 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503. |
40260 |
CVE-2016-1404 |
200 |
|
+Info |
2016-05-29 |
2016-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic to an Autosupport server and leveraging knowledge of this key from another installation, aka Bug ID CSCur85504. |
40261 |
CVE-2016-1403 |
20 |
|
Exec Code +Priv |
2016-06-04 |
2016-06-07 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005. |
40262 |
CVE-2016-1402 |
119 |
|
DoS Overflow |
2016-05-20 |
2016-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815. |
40263 |
CVE-2016-1401 |
79 |
|
XSS |
2016-05-20 |
2016-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250. |
40264 |
CVE-2016-1400 |
20 |
|
DoS |
2016-05-24 |
2016-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7.2 allows remote attackers to cause a denial of service (service disruption) via a crafted URI in a SIP header, aka Bug ID CSCuy43258. |
40265 |
CVE-2016-1399 |
399 |
|
DoS |
2016-05-13 |
2016-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2, and 15.2(4)EA on Industrial Ethernet 4000 devices and 15.2(2)EB and 15.2(2)EB1 on Industrial Ethernet 5000 devices allows remote attackers to cause a denial of service (packet data corruption) via crafted IPv4 ICMP packets, aka Bug ID CSCuy13431. |
40266 |
CVE-2016-1398 |
119 |
|
DoS Overflow |
2016-07-03 |
2017-08-31 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware through 1.2.1.4, RV130W devices with firmware through 1.0.2.7, and RV215W devices with firmware through 1.3.0.7 allows remote authenticated users to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCux86669. |
40267 |
CVE-2016-1397 |
119 |
|
DoS Overflow |
2016-06-18 |
2017-08-31 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523. |
40268 |
CVE-2016-1396 |
79 |
|
XSS |
2016-06-18 |
2016-11-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583. |
40269 |
CVE-2016-1395 |
20 |
|
Exec Code |
2016-06-18 |
2016-11-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428. |
40270 |
CVE-2016-1394 |
264 |
|
|
2016-07-02 |
2016-11-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238. |
40271 |
CVE-2016-1393 |
89 |
|
Exec Code Sql |
2016-05-11 |
2016-11-28 |
6.5 |
User |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175. |
40272 |
CVE-2016-1392 |
|
|
|
2016-05-05 |
2016-11-30 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuu34121. |
40273 |
CVE-2016-1391 |
20 |
|
Exec Code |
2016-06-03 |
2017-08-08 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) allow remote authenticated users to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21889. |
40274 |
CVE-2016-1390 |
20 |
|
|
2016-06-03 |
2016-08-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow local users to obtain root access via crafted CLI input, aka Bug ID CSCuy21892. |
40275 |
CVE-2016-1389 |
|
|
|
2016-04-28 |
2016-12-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuy44695. |
40276 |
CVE-2016-1388 |
77 |
|
Exec Code |
2016-06-02 |
2016-11-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21882. |
40277 |
CVE-2016-1387 |
287 |
|
Exec Code |
2016-05-05 |
2016-11-30 |
9.0 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Complete |
The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935. |
40278 |
CVE-2016-1386 |
264 |
|
|
2016-04-28 |
2016-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521. |
40279 |
CVE-2016-1385 |
119 |
|
DoS Overflow |
2016-05-26 |
2016-11-30 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9.5.2 allows remote authenticated users to cause a denial of service (instability, memory consumption, or device reload) by leveraging (1) administrative access or (2) Clientless SSL VPN access to provide a crafted XML document, aka Bug ID CSCut14209. |
40280 |
CVE-2016-1384 |
264 |
|
|
2016-04-20 |
2016-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 through 3.17 allows remote attackers to modify the system time via crafted packets, aka Bug ID CSCux46898. |
40281 |
CVE-2016-1383 |
399 |
|
DoS |
2016-05-24 |
2016-11-30 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an unspecified HTTP status code, aka Bug ID CSCur28305. |
40282 |
CVE-2016-1382 |
20 |
|
DoS |
2016-05-24 |
2016-11-30 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance (WSA) devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service (proxy-process reload) via a crafted request, aka Bug ID CSCuu02529. |
40283 |
CVE-2016-1381 |
399 |
|
DoS |
2016-05-24 |
2016-11-30 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an HTTP file-range request for cached content, aka Bug ID CSCuw97270. |
40284 |
CVE-2016-1380 |
20 |
|
DoS |
2016-05-24 |
2016-11-30 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (proxy-process hang) via a crafted HTTP POST request, aka Bug ID CSCuo12171. |
40285 |
CVE-2016-1379 |
399 |
|
DoS |
2016-05-27 |
2016-05-31 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
Cisco Adaptive Security Appliance (ASA) Software 9.0 through 9.5.1 mishandles IPsec error processing, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted (1) LAN-to-LAN or (2) Remote Access VPN tunnel packets, aka Bug ID CSCuv70576. |
40286 |
CVE-2016-1378 |
200 |
|
+Info |
2016-04-13 |
2016-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP) port, aka Bug ID CSCum62591. |
40287 |
CVE-2016-1377 |
79 |
|
XSS |
2016-04-12 |
2016-12-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776. |
40288 |
CVE-2016-1376 |
20 |
|
DoS |
2016-04-12 |
2016-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (CRC and symbol errors, and interface flap) via crafted bit patterns in packets, aka Bug ID CSCuv78548. |
40289 |
CVE-2016-1375 |
79 |
|
XSS |
2016-04-08 |
2016-04-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability and Collaboration System 4.10(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy12339. |
40290 |
CVE-2016-1374 |
20 |
|
Exec Code |
2016-07-27 |
2017-08-31 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
The web framework in Cisco Unified Computing System (UCS) Performance Manager 2.0.0 and earlier allows remote authenticated users to execute arbitrary commands via crafted parameters in a GET request, aka Bug ID CSCuy07827. |
40291 |
CVE-2016-1373 |
|
|
|
2016-05-05 |
2016-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623. |
40292 |
CVE-2016-1372 |
284 |
|
DoS |
2016-10-03 |
2016-10-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file. |
40293 |
CVE-2016-1371 |
284 |
|
DoS |
2016-10-03 |
2016-10-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable. |
40294 |
CVE-2016-1370 |
20 |
|
DoS |
2016-06-02 |
2017-09-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Cisco Prime Network Analysis Module (NAM) before 6.2(1-b) miscalculates IPv6 payload lengths, which allows remote attackers to cause a denial of service (mond process crash and monitoring outage) via crafted IPv6 packets, aka Bug ID CSCuy37324. |
40295 |
CVE-2016-1369 |
399 |
|
DoS |
2016-05-05 |
2016-11-30 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module for Cisco ASA with FirePOWER Services 5.3.1 through 6.0.0 misconfigures kernel logging, which allows remote attackers to cause a denial of service (resource consumption, and inspection outage or module outage) via a flood of crafted IP traffic, aka Bug ID CSCux19922. |
40296 |
CVE-2016-1368 |
399 |
|
DoS |
2016-05-05 |
2016-05-09 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these appliances, allows remote attackers to cause a denial of service (packet-processing outage) via crafted packets, aka Bug ID CSCuu86214. |
40297 |
CVE-2016-1367 |
399 |
|
DoS |
2016-04-21 |
2016-12-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
The DHCPv6 relay implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 allows remote attackers to cause a denial of service (device reload) via crafted DHCPv6 packets, aka Bug ID CSCus23248. |
40298 |
CVE-2016-1366 |
264 |
|
DoS |
2016-03-24 |
2016-12-02 |
6.8 |
None |
Remote |
Low |
Single system |
None |
Complete |
None |
The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial of service (overwrite) via unspecified vectors, aka Bug ID CSCuw75848. |
40299 |
CVE-2016-1365 |
20 |
|
Exec Code |
2016-08-18 |
2017-08-15 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
The Grapevine update process in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0 allows remote authenticated users to execute arbitrary commands as root via a crafted upgrade parameter, aka Bug ID CSCux15507. |
40300 |
CVE-2016-1364 |
20 |
|
DoS |
2016-04-21 |
2016-12-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Cisco Wireless LAN Controller (WLC) Software 7.4 before 7.4.130.0(MD) and 7.5, 7.6, and 8.0 before 8.0.110.0(ED) allows remote attackers to cause a denial of service (device reload) via crafted Bonjour traffic, aka Bug ID CSCur66908. |