Page 74 of 456 results (0.011 seconds)

CVSS: 7.8EPSS: 8%CPEs: 2EXPL: 0

The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and CatOS allows remote attackers to cause a denial of service by sending a VTP update with a revision value of 0x7FFFFFFF, which is incremented to 0x80000000 and is interpreted as a negative number in a signed context. El VLAN Trunking Protocol (VTP) característico en Cisco IOS 12.1(19) y CatOS permite a un atacante remoto provocar una denegación de servicio con el envío de una actualización de VTP con un valor de revisión de 0x7FFFFFFF, el cual se incrementa a 0x80000000 y es interpretado como un número negativo en un contexto de señales. • http://secunia.com/advisories/21896 http://secunia.com/advisories/21902 http://securitytracker.com/id?1016843 http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml http://www.kb.cert.org/vuls/id/175148 http://www.osvdb.org/28776 http://www.phenoelit.de/stuff/CiscoVTP.txt http://www.securityfocus.com/archive/1/445896/100/0/threaded http://www.securityfocus.com/archive/1/445938/100/0/threaded http://www.securityfocus.com/bid/19998 http://www.vupen& • CWE-399: Resource Management Errors •

CVSS: 7.5EPSS: 44%CPEs: 1EXPL: 0

Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to execute arbitrary code via a long VLAN name in a VTP type 2 summary advertisement. Desbordamiento de búfer basado en montón en la VLAN Trunking Protocol (VTP) característico de Cisco IOS 12.1(19), permite a un atacante remoto ejecutar código de su elección a través de un nombre largo de VLAN en un anuncio resumen de VTP tipo 2. • http://secunia.com/advisories/21896 http://securitytracker.com/id?1016843 http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml http://www.kb.cert.org/vuls/id/542108 http://www.osvdb.org/28777 http://www.phenoelit.de/stuff/CiscoVTP.txt http://www.securityfocus.com/archive/1/445896/100/0/threaded http://www.securityfocus.com/archive/1/445938/100/0/threaded http://www.securityfocus.com/bid/19998 http://www.vupen.com/english/advisories/2006/3600 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 4%CPEs: 1EXPL: 0

The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to cause a denial of service by sending a VTP version 1 summary frame with a VTP version field value of 2. El VLAN Trunking Protocol (VTP) característico en Cisco IOS 12.1(19) permite a un atacante remoto provocar una denegación de servicio a través del envio de una versión de VTP 1 marco resumen con un valor del campo de la versión de VTP de 2. • http://secunia.com/advisories/21896 http://securitytracker.com/id?1016843 http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml http://www.kb.cert.org/vuls/id/821420 http://www.osvdb.org/28775 http://www.phenoelit.de/stuff/CiscoVTP.txt http://www.securityfocus.com/archive/1/445896/100/0/threaded http://www.securityfocus.com/archive/1/445938/100/0/threaded http://www.securityfocus.com/bid/19998 http://www.vupen.com/english/advisories/2006/3600 https&# • CWE-399: Resource Management Errors •

CVSS: 2.6EPSS: 12%CPEs: 3EXPL: 0

Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs. Cisco IOS 12.0, 12.1, y 12.2, cuando la tunelación GRE IP esta siendo usada y falta la conformidad RFC2784, no verifica el campo offset de un paquete GRE durante su encapsulación, lo cauls lleva a un desbordamiento de enteros que referencia datos desde localizaciones de memoria incorrectas, lo cual permite a un atacante remoto inyectar paquetes artesanales dentro de la cola de enrutamiento, posiblemente evitando la ACLs del router previsto. • http://secunia.com/advisories/21783 http://securityreason.com/securityalert/1526 http://securitytracker.com/id?1016799 http://www.cisco.com/en/US/tech/tk827/tk369/tsd_technology_security_response09186a008072cd7b.html http://www.osvdb.org/28590 http://www.phenoelit.de/stuff/CiscoGRE.txt http://www.securityfocus.com/archive/1/445322/100/0/threaded http://www.securityfocus.com/bid/19878 http://www.vupen.com/english/advisories/2006/3502 https://exchange.xforce.ibmcloud.com/vulnerabilities •

CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0

The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system. El interfaz web de Cisco IOS 12.3(8)JA y 12.3(8)JA1, tal como es utilizado en Cisco Wireless Access Point y Wireless Bridge, se reconfigura cuando se activa la opción de configuración "Local User List Only (Individual Passwords)", lo que elmina toda las configuraciones de seguridad y contraseñas y permite a atacantes remotos acceder al sistema. • http://secunia.com/advisories/20860 http://securitytracker.com/id?1016399 http://www.cisco.com/warp/public/707/cisco-sa-20060628-ap.shtml http://www.kb.cert.org/vuls/id/544484 http://www.osvdb.org/26878 http://www.securityfocus.com/bid/18704 http://www.vupen.com/english/advisories/2006/2584 https://exchange.xforce.ibmcloud.com/vulnerabilities/27437 • CWE-16: Configuration •