NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2007-5581 | Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters. | 4.3 | 0.55% | 2007-11-08 | 2026-04-23 |
| CVE-2007-5582 | Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 | 0.79% | 2007-12-15 | 2026-04-23 |
| CVE-2007-5580 | Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 4.5.1.672, 5.0 before 5.0.0.225, 5.1 before 5.1.0.106, and 5.2 before 5.2.0.238 on Windows allows remote attackers to execute arbitrary code via a crafted SMB packet in a TCP session on port (1) 139 or (2) 445. | 10.0 | 16.47% | 2007-12-15 | 2026-04-23 |
| CVE-2007-5583 | Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service ("486 Busy" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459. | 7.8 | 30.12% | 2007-12-18 | 2026-04-23 |
| CVE-2007-5584 | Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.2(3) allows remote attackers to cause a denial of service (device reload) via crafted "data in the control-plane path with Layer 7 Application Inspections." | 7.8 | 1.48% | 2007-12-20 | 2026-04-23 |
| CVE-2008-0027 | Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request. | 10.0 | 35.51% | 2008-01-17 | 2026-04-23 |
| CVE-2008-0029 | Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges. | 10.0 | 1.24% | 2008-01-23 | 2026-04-23 |
| CVE-2008-0028 | Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet. | 7.1 | 1.75% | 2008-01-23 | 2026-04-23 |
| CVE-2008-0026 | SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages. | 6.5 | 0.36% | 2008-02-14 | 2026-04-23 |
| CVE-2008-0531 | Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote SIP servers to execute arbitrary code via a crafted challenge/response message. | 9.3 | 1.53% | 2008-02-15 | 2026-04-23 |
| CVE-2008-0530 | Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP and SIP firmware might allow remote attackers to execute arbitrary code via a crafted DNS response. | 10.0 | 9.71% | 2008-02-15 | 2026-04-23 |
| CVE-2008-0529 | Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G running SCCP firmware might allow remote authenticated users to execute arbitrary code via a crafted command. | 10.0 | 7.10% | 2008-02-15 | 2026-04-23 |
| CVE-2008-0528 | Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote attackers to execute arbitrary code via a SIP message with crafted MIME data. | 10.0 | 8.91% | 2008-02-15 | 2026-04-23 |
| CVE-2008-0527 | The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a crafted HTTP request. | 7.8 | 1.32% | 2008-02-15 | 2026-04-23 |
| CVE-2008-0526 | Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a long ICMP echo request (ping) packet. | 7.8 | 1.92% | 2008-02-15 | 2026-04-23 |
| CVE-2008-1157 | Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a process that executes a command shell and listens on a randomly chosen TCP port, which allows remote attackers to execute arbitrary commands. | 10.0 | 28.92% | 2008-03-14 | 2026-04-23 |
| CVE-2008-0533 | Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors. | 4.3 | 3.46% | 2008-03-14 | 2026-04-23 |
| CVE-2008-0532 | Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors. | 10.0 | 71.24% | 2008-03-14 | 2026-04-23 |
| CVE-2008-1156 | Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree (MDT) Data Join message. | 5.1 | 0.79% | 2008-03-27 | 2026-04-23 |
| CVE-2008-1153 | Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device. | 7.1 | 2.99% | 2008-03-27 | 2026-04-23 |