Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ios
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 598 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2006-09-13 | CVE-2006-4774 | The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to cause a denial of service by sending a VTP version 1 summary frame with a VTP version field value of 2. | Ios | N/A | ||
| 2006-09-08 | CVE-2006-4650 | Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs. | Ios | N/A | ||
| 2006-06-28 | CVE-2006-3291 | The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system. | Ios | N/A | ||
| 2006-02-01 | CVE-2006-0486 | Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user does not use tclquit before exiting, which may cause subsequent local users to execute unintended commands or bypass AAA command authorization checks, aka Bug ID CSCef77770. | Ios | N/A | ||
| 2006-02-01 | CVE-2006-0485 | The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S before 12.2(18)S11, and certain other releases before 25 January 2006 does not perform Authentication, Authorization, and Accounting (AAA) command authorization checks, which may allow local users to execute IOS EXEC commands that were prohibited via the AAA configuration, aka Bug ID CSCeh73049. | Ios | N/A | ||
| 2006-01-20 | CVE-2006-0340 | Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisco IOS 12.0 through 12.4 running on various Cisco products, when SGBP is enabled, allows remote attackers on the local network to cause a denial of service (device hang and network traffic loss) via a crafted UDP packet to port 9900. | Ios | N/A | ||
| 2005-12-31 | CVE-2005-4826 | Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a crafted Subset-Advert message packet, a different issue than CVE-2006-4774, CVE-2006-4775, and CVE-2006-4776. | Ios | N/A | ||
| 2005-12-15 | CVE-2005-4258 | Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. | Catalyst, Catalyst_1200_series, Catalyst_1900_series, Catalyst_2800_series, Catalyst_2820, Catalyst_2900, Catalyst_2901, Catalyst_2902, Catalyst_2920, Catalyst_2926, Catalyst_2926f, Catalyst_2926gl, Catalyst_2926gs, Catalyst_2926t, Catalyst_2940, Catalyst_2948, Catalyst_2948\-Ge\-Tx, Catalyst_2948g\-L3, Catalyst_2950, Catalyst_2950_lre, Catalyst_2955, Catalyst_2970, Catalyst_2980g, Catalyst_2980g\-A, Catalyst_3000, Catalyst_3200, Catalyst_3500_xl, Catalyst_3550, Catalyst_3560, Catalyst_3750, Catalyst_3750_metro, Catalyst_3900, Catalyst_4000, Catalyst_4200, Catalyst_4224, Catalyst_4232, Catalyst_4232\-13, Catalyst_4500, Catalyst_4503, Catalyst_4506, Catalyst_4507r, Catalyst_4510r, Catalyst_4840g, Catalyst_4908g\-L3, Catalyst_4912g, Catalyst_4948, Catalyst_5000, Catalyst_5505, Catalyst_5509, Catalyst_6000, Catalyst_6000_ws\-Svc\-Nam\-1, Catalyst_6000_ws\-Svc\-Nam\-2, Catalyst_6000_ws\-X6380\-Nam, Catalyst_6500, Catalyst_6500_ws\-Svc\-Nam\-1, Catalyst_6500_ws\-Svc\-Nam\-2, Catalyst_6500_ws\-X6380\-Nam, Catalyst_6608, Catalyst_6624, Catalyst_7600, Catalyst_7600_ws\-Svc\-Nam\-1, Catalyst_7600_ws\-Svc\-Nam\-2, Catalyst_7600_ws\-X6380\-Nam, Catalyst_8500, Catalyst_8510csr, Catalyst_8510msr, Catalyst_8540csr, Catalyst_8540msr, Catalyst_ws\-C2924\-Xl, Catos, Ios | N/A | ||
| 2005-11-30 | CVE-2005-3921 | Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages. NOTE: these vectors were... | Ios | N/A | ||
| 2005-11-03 | CVE-2005-3481 | Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitrary code via a heap-based buffer overflow in system timers. NOTE: this issue does not correspond to a specific vulnerability, rather a general weakness that only increases the feasibility of exploitation of any vulnerabilities that might exist. Such design-level weaknesses normally are not included in CVE, so perhaps this issue should be REJECTed. | Ios | N/A |