Page 54 of 278 results (0.013 seconds)

CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0

Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router. • http://www.cisco.com/warp/public/707/cmts-MD5-bypass-pub.shtml http://www.securityfocus.com/bid/5041 https://exchange.xforce.ibmcloud.com/vulnerabilities/9368 • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 5.0EPSS: 1%CPEs: 5EXPL: 0

Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows remote attackers to cause a denial of service (CPU consumption) via randomly sized UDP packets to the Hot Standby Routing Protocol (HSRP) port 1985. • http://archives.neohapsis.com/archives/bugtraq/2002-06/0027.html http://archives.neohapsis.com/archives/bugtraq/2002-06/0050.html http://www.securityfocus.com/bid/4948 https://exchange.xforce.ibmcloud.com/vulnerabilities/9282 •

CVSS: 7.8EPSS: 9%CPEs: 5EXPL: 1

Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040330.html http://marc.info/?l=full-disclosure&m=113504451523186&w=2 http://secunia.com/advisories/7766 http://securitytracker.com/id?1005840 http://www.cisco.com/en/US/tech/tk365/technologies_security_notice09186a008011c5e1.html http://www.cisco.com/warp/public/707/eigrp_issue.pdf http://www.osvdb.org/18055 http://www.securityfocus.com/archive/1/304034 http://www.securityfocus.com/archive/1/304044 http://w •

CVSS: 10.0EPSS: 4%CPEs: 16EXPL: 0

Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html http://securitytracker.com/id?1005812 http://securitytracker.com/id?1005813 http://www.cert.org/advisories/CA-2002-36.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721 • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 4%CPEs: 16EXPL: 0

Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite. • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html http://securitytracker.com/id?1005812 http://securitytracker.com/id?1005813 http://www.cert.org/advisories/CA-2002-36.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5797 • CWE-20: Improper Input Validation •