CVSS: 10.0EPSS: 57%CPEs: 165EXPL: 2CVE-2008-0960 – SNMPv3 - HMAC Validation error Remote Authentication Bypass
https://notcve.org/view.php?id=CVE-2008-0960
10 Jun 2008 — SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relie... • https://www.exploit-db.com/exploits/5790 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2008-1150
https://notcve.org/view.php?id=CVE-2008-1150
27 Mar 2008 — The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) data structures after process termination, aka bug ID CSCdv59309. La componente red privada virtual dial-up (VPDN) de Cisco IOS versiones anteriores a 12.3 permite a atacantes remotos provocar una denegación de servicio (agotamiento de recursos) a través de una ser... • http://secunia.com/advisories/29507 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2008-1151
https://notcve.org/view.php?id=CVE-2008-1151
27 Mar 2008 — Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated after process termination, aka bug ID CSCsj58566. Fugas de memoria en la componente de red privada virtual dial-up (VPDN) en Cisco IOS versiones anteriores a 12.3 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de una se... • http://secunia.com/advisories/29507 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 49%CPEs: 1429EXPL: 2CVE-2007-5381 – Cisco IOS 12.3 - 'LPD' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-5381
12 Oct 2007 — Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco IOS before 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6 allow remote attackers to execute arbitrary code by setting a long hostname on the target system, then causing an error message to be printed, as demonstrated by a telnet session to the LPD from a source port other than 515. Desbordamiento de búfer basado en pila en Line Printer Daemon (LPD) en Cisco IOS anterior a 12.2(18)SXF11, 12.4(16a), y 12.4(2)T6 permite a atacantes remotos ejecutar... • https://www.exploit-db.com/exploits/30652 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 12%CPEs: 22EXPL: 1CVE-2007-4430 – Cisco IOS 12.3 - Show IP BGP Regexp Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-4430
20 Aug 2007 — Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command. NOTE: unauthenticated remote attacks are possible in environments with anonymous telnet and Looking Glass access. Una vulnerabilidad no especificada en Cisco IOS versiones 12.0 hasta 12.4, permite a atacantes dependiendo del contexto causar una denegación de servicio (reinicio... • https://www.exploit-db.com/exploits/30506 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 3%CPEs: 23EXPL: 0CVE-2007-2688
https://notcve.org/view.php?id=CVE-2007-2688
16 May 2007 — The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. El Sistema de Prevención de Intrusiones (Intrusion Prevention System o IPS) de Cisco e IOS con el juego de funcionalidades Firewall/IPS no maneja adecuadamente determinadas codificaciones de caracteres Unicode de ancho completo y medio, lo cual podría permitir a atacantes ... • http://secunia.com/advisories/25285 •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2007-0199
https://notcve.org/view.php?id=CVE-2007-0199
11 Jan 2007 — The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange." La propiedad Data-link Switching (DLSw) en Cisco IOS 11.0 hata 12.4 permite a atacantes remotos provocar una denegación de servicio (recarga de dispositivo) mediante "un valor inválido en un mensaje DLSw... durante el intercambio de habilidades". • http://osvdb.org/32683 •
CVSS: 10.0EPSS: 3%CPEs: 228EXPL: 0CVE-2006-4950
https://notcve.org/view.php?id=CVE-2006-4950
23 Sep 2006 — Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables. Cisco IOS 12.2 hasta 12.4 anteriores al 20/09/2006, usados por Cisco IAD2430, IAD2431, y IAD2432 Integrated A... • http://secunia.com/advisories/21974 •
CVSS: 7.8EPSS: 0%CPEs: 167EXPL: 1CVE-2005-4258
https://notcve.org/view.php?id=CVE-2005-4258
15 Dec 2005 — Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. Conmutadores Cisco Catalyst no especificados permiten a atacantes remotos causar una denegación de servicio (caída de dispositivo) mediante un paquete IP con IPs y puertos de origen y destino iguales y con la ... • http://www.securityfocus.com/bid/15864 •
CVSS: 6.1EPSS: 1%CPEs: 225EXPL: 2CVE-2005-3921
https://notcve.org/view.php?id=CVE-2005-3921
30 Nov 2005 — Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages. NOTE: these vectors were originally reported as... • http://secunia.com/advisories/17780 •