| CVE-2017-3886 |
medium |
4.9 |
4.9 |
|
|
cisco |
9y ago |
A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries,… |
| CVE-2017-3885 |
medium |
5.9 |
5.9 |
|
|
cisco |
9y ago |
A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of servi… |
| CVE-2017-3884 |
medium |
6.5 |
6.5 |
|
|
cisco |
9y ago |
A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The att… |
| CVE-2017-3848 |
medium |
6.1 |
6.1 |
|
|
cisco |
9y ago |
A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user … |
| CVE-2017-3817 |
medium |
4.3 |
4.3 |
|
|
cisco |
9y ago |
A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for a… |
| CVE-2016-9197 |
medium |
6.7 |
6.7 |
|
|
cisco |
9y ago |
A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying o… |
| CVE-2016-9195 |
medium |
5.3 |
5.3 |
|
|
cisco |
9y ago |
A vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS… |
| CVE-2016-9194 |
medium |
6.5 |
6.5 |
|
|
cisco |
9y ago |
A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a den… |
| CVE-2017-3853 |
critical |
9.8 |
9.8 |
|
|
cisco |
9y ago |
A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow rem… |
| CVE-2017-3880 |
medium |
6.5 |
6.5 |
|
|
cisco |
9y ago |
An Authentication Bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server. More In… |
| CVE-2017-3877 |
medium |
6.5 |
6.5 |
|
|
cisco |
9y ago |
A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack agains… |
| CVE-2017-3874 |
medium |
5.4 |
5.4 |
|
|
cisco |
9y ago |
A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. More Informati… |
| CVE-2017-3872 |
medium |
6.1 |
6.1 |
|
|
cisco |
9y ago |
A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS a… |
| CVE-2017-3871 |
medium |
4.3 |
4.3 |
|
|
cisco |
9y ago |
A RADIUS Secret Disclosure vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive infor… |
| CVE-2017-3870 |
medium |
5.8 |
5.8 |
|
|
cisco |
9y ago |
A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. A… |
| CVE-2017-3869 |
medium |
5.4 |
5.4 |
|
|
cisco |
9y ago |
An API Credentials Management vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API that should be restricted to a privileged user. T… |
| CVE-2017-3868 |
medium |
6.1 |
6.1 |
|
|
cisco |
9y ago |
A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-ba… |
| CVE-2017-3866 |
medium |
6.1 |
6.1 |
|
|
cisco |
9y ago |
A vulnerability in the web framework code of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web int… |
| CVE-2017-3815 |
medium |
5.3 |
5.3 |
|
|
cisco |
9y ago |
An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Affected Products: This vulnerabil… |
| CVE-2017-3811 |
medium |
6.5 |
6.5 |
|
|
cisco |
9y ago |
An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. More In… |
| CVE-2017-3847 |
medium |
5.4 |
5.4 |
|
|
cisco |
9y ago |
A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interf… |
| CVE-2017-3845 |
medium |
6.1 |
6.1 |
|
|
cisco |
9y ago |
A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a u… |
| CVE-2017-3844 |
medium |
4.3 |
4.3 |
|
|
cisco |
9y ago |
A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files. … |
| CVE-2017-3843 |
medium |
4.3 |
4.3 |
|
|
cisco |
9y ago |
A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted. More Informati… |
| CVE-2017-3842 |
medium |
5.3 |
5.3 |
|
|
cisco |
9y ago |
A vulnerability in the web-based management interface of the Cisco Intrusion Prevention System Device Manager (IDM) could allow an unauthenticated, remote attacker to view sensitive information store… |
| CVE-2017-3840 |
medium |
6.1 |
6.1 |
|
|
cisco |
9y ago |
A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect V… |
| CVE-2017-3839 |
medium |
4.3 |
4.3 |
|
|
cisco |
9y ago |
An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the… |
| CVE-2017-3838 |
medium |
6.1 |
6.1 |
|
|
cisco |
9y ago |
A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interf… |
| CVE-2017-3836 |
medium |
4.3 |
4.3 |
|
|
cisco |
9y ago |
A vulnerability in the web framework Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. More Information: CSCvb61689. Known Affected Releases… |
| CVE-2017-3833 |
medium |
6.1 |
6.1 |
|
|
cisco |
9y ago |
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web i… |
| CVE-2017-3829 |
medium |
6.1 |
6.1 |
|
|
cisco |
9y ago |
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack a… |
| CVE-2017-3828 |
medium |
6.1 |
6.1 |
|
|
cisco |
9y ago |
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack a… |
| CVE-2017-3827 |
medium |
5.8 |
5.8 |
|
|
cisco |
9y ago |
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauth… |
| CVE-2017-3821 |
medium |
6.1 |
6.1 |
|
|
cisco |
9y ago |
A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Inform… |
| CVE-2017-3822 |
medium |
5.3 |
5.3 |
|
|
cisco |
10y ago |
A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense (FTD) Firepower Device Manager (FDM) could allow an unauthenticated, remote attacker to add arbitrary entries to the aud… |
| CVE-2017-3814 |
medium |
5.8 |
5.8 |
|
|
cisco |
10y ago |
A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass. More I… |
| CVE-2017-3810 |
medium |
5.4 |
5.4 |
|
|
cisco |
10y ago |
A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack against a user who is logged in to an affected s… |
| CVE-2017-3809 |
medium |
5.8 |
5.8 |
|
|
cisco |
10y ago |
A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule ba… |
| CVE-2017-3806 |
medium |
5.3 |
5.3 |
|
|
cisco |
10y ago |
A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to injec… |
| CVE-2017-3792 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or … |
| CVE-2017-3791 |
critical |
10.0 |
10.0 |
|
|
cisco |
10y ago |
A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability … |
| CVE-2017-3802 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affect… |
| CVE-2017-3800 |
medium |
5.8 |
5.8 |
|
|
cisco |
10y ago |
A vulnerability in the content scanning engine of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured message or cont… |
| CVE-2017-3799 |
medium |
5.4 |
5.4 |
|
|
cisco |
10y ago |
A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T2… |
| CVE-2017-3798 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS att… |
| CVE-2017-3797 |
medium |
5.3 |
5.3 |
|
|
cisco |
10y ago |
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server. More Information: CSCv… |
| CVE-2017-3795 |
medium |
5.4 |
5.4 |
|
|
cisco |
10y ago |
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. More Information: CSCuz03345. K… |
| CVE-2016-9222 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
A vulnerability in the web-based management interface of Cisco NetFlow Generation Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a us… |
| CVE-2016-9216 |
medium |
5.3 |
5.3 |
|
|
cisco |
10y ago |
An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr process of Cisco ASR 5000 Software could allow an unauthenticated, remote attacker to cause the ipsecmgr process to reload. More … |
| CVE-2016-9224 |
medium |
6.5 |
6.5 |
|
|
cisco |
10y ago |
A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts. More Information: CSCvc31635. Known Affected Releases: 10.… |
| CVE-2016-9223 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privi… |
| CVE-2016-9214 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface… |
| CVE-2016-9209 |
medium |
4.3 |
4.3 |
|
|
cisco |
10y ago |
A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked. Affected Products: The following… |
| CVE-2016-9208 |
medium |
6.5 |
6.5 |
|
|
cisco |
10y ago |
A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files i… |
| CVE-2016-9207 |
medium |
6.5 |
6.5 |
|
|
cisco |
10y ago |
A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full t… |
| CVE-2016-9206 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Infor… |
| CVE-2016-9204 |
medium |
6.5 |
6.5 |
|
|
cisco |
10y ago |
A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account. Affected Products: Cisco Nexus … |
| CVE-2016-9202 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XS… |
| CVE-2016-9200 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
A vulnerability in the web framework code of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the… |
| CVE-2016-9199 |
medium |
6.5 |
6.5 |
|
|
cisco |
10y ago |
A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. Affected Products: This vulne… |
| CVE-2016-6471 |
medium |
6.5 |
6.5 |
|
|
cisco |
10y ago |
A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage P… |
| CVE-2016-6465 |
medium |
4.3 |
4.3 |
|
|
cisco |
10y ago |
A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances and Cisco Web Security Appliances could allow an unauthenticated, remote attacker … |
| CVE-2016-1411 |
medium |
5.9 |
5.9 |
|
|
cisco |
10y ago |
A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SM… |
| CVE-2016-6472 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) at… |
| CVE-2016-6459 |
medium |
5.5 |
5.5 |
|
|
cisco |
10y ago |
Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: C… |
| CVE-2016-6457 |
medium |
6.5 |
6.5 |
|
|
cisco |
10y ago |
A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)… |
| CVE-2016-6454 |
medium |
6.5 |
6.5 |
|
|
cisco |
10y ago |
A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute u… |
| CVE-2016-6452 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full admini… |
| CVE-2016-6451 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against… |
| CVE-2016-6448 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerab… |
| CVE-2016-6447 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following produ… |
| CVE-2016-6429 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) att… |
| CVE-2016-6397 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote att… |
| CVE-2016-1423 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to … |
| CVE-2016-6445 |
critical |
9.1 |
9.1 |
|
|
cisco |
10y ago |
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an un… |
| CVE-2016-6440 |
medium |
6.5 |
6.5 |
|
|
cisco |
10y ago |
The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. More Information… |
| CVE-2016-6437 |
medium |
5.9 |
5.9 |
|
|
cisco |
10y ago |
A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to … |
| CVE-2016-6436 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script … |
| CVE-2016-6435 |
medium |
6.5 |
7.5 |
EXP |
|
cisco |
10y ago |
The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376. |
| CVE-2016-6425 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers t… |
| CVE-2016-6418 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
Cross-site scripting (XSS) vulnerability in Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.0 through 3.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted… |
| CVE-2016-6416 |
medium |
5.9 |
5.9 |
|
|
cisco |
10y ago |
The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Manageme… |
| CVE-2016-6420 |
medium |
6.5 |
6.5 |
|
|
cisco |
10y ago |
Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, ak… |
| CVE-2016-6374 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code via a crafted dnslookup command in an HTTP request, aka Bug ID CSCuz89093. |
| CVE-2016-6405 |
medium |
6.5 |
6.5 |
|
|
cisco |
10y ago |
Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to bypass intended access restrictions and write to arbitrary files via the Cartridge interface, aka Bug ID CSCuz89368. |
| CVE-2016-6401 |
medium |
5.3 |
5.3 |
|
|
cisco |
10y ago |
Cisco Carrier Routing System (CRS) 5.1 and 5.1.4, as used in CRS Carrier Grade Services for CRS-1 and CRS-3 devices, allows remote attackers to cause a denial of service (line-card reload) via crafte… |
| CVE-2016-6396 |
medium |
5.3 |
5.3 |
|
|
cisco |
10y ago |
Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafte… |
| CVE-2016-6395 |
medium |
5.4 |
5.4 |
|
|
cisco |
10y ago |
Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated use… |
| CVE-2016-6394 |
critical |
9.1 |
9.1 |
|
|
cisco |
10y ago |
Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug … |
| CVE-2016-6370 |
medium |
4.3 |
4.3 |
|
|
cisco |
10y ago |
Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a … |
| CVE-2016-6375 |
medium |
5.3 |
5.3 |
|
|
cisco |
10y ago |
Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote attackers to cause a denial of service (device reload) by sendi… |
| CVE-2016-1415 |
medium |
5.5 |
6.5 |
EXP |
|
cisco |
10y ago |
Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455. |
| CVE-2016-6376 |
medium |
6.5 |
6.5 |
|
|
cisco |
10y ago |
The Adaptive Wireless Intrusion Prevention System (wIPS) feature on Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allows r… |
| CVE-2016-1473 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
Cisco Small Business 220 devices with firmware before 1.0.1.1 have a hardcoded SNMP community, which allows remote attackers to read or modify SNMP objects by leveraging knowledge of this community, … |
| CVE-2016-1471 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to inject arbitrary web script … |
| CVE-2016-6365 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via unspec… |
| CVE-2016-1477 |
medium |
6.5 |
6.5 |
|
|
cisco |
10y ago |
Cisco Connected Streaming Analytics 1.1.1 allows remote authenticated users to discover a notification service password by reading administrative pages, aka Bug ID CSCuz92891. |
| CVE-2016-6363 |
medium |
6.5 |
6.5 |
|
|
cisco |
10y ago |
The rate-limit feature in the 802.11 protocol implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a… |
| CVE-2016-6361 |
medium |
6.5 |
6.5 |
|
|
cisco |
10y ago |
The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a… |
| CVE-2016-6359 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0) on Smart Call Home Transport Gateway devices allows remote attackers to inject arbitrary web script … |
