| CVE-2017-3844 | medium | 4.3 | 4.3 | | | cisco | 9y ago | A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files. … |
| CVE-2017-3843 | medium | 4.3 | 4.3 | | | cisco | 9y ago | A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted. More Informati… |
| CVE-2017-3842 | medium | 5.3 | 5.3 | | | cisco | 9y ago | A vulnerability in the web-based management interface of the Cisco Intrusion Prevention System Device Manager (IDM) could allow an unauthenticated, remote attacker to view sensitive information store… |
| CVE-2017-3840 | medium | 6.1 | 6.1 | | | cisco | 9y ago | A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect V… |
| CVE-2017-3839 | medium | 4.3 | 4.3 | | | cisco | 9y ago | An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the… |
| CVE-2017-3838 | medium | 6.1 | 6.1 | | | cisco | 9y ago | A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interf… |
| CVE-2017-3836 | medium | 4.3 | 4.3 | | | cisco | 9y ago | A vulnerability in the web framework Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. More Information: CSCvb61689. Known Affected Releases… |
| CVE-2017-3833 | medium | 6.1 | 6.1 | | | cisco | 9y ago | A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web i… |
| CVE-2017-3829 | medium | 6.1 | 6.1 | | | cisco | 9y ago | A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack a… |
| CVE-2017-3828 | medium | 6.1 | 6.1 | | | cisco | 9y ago | A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack a… |
| CVE-2017-3827 | medium | 5.8 | 5.8 | | | cisco | 9y ago | A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauth… |
| CVE-2017-3821 | medium | 6.1 | 6.1 | | | cisco | 9y ago | A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Inform… |
| CVE-2017-3822 | medium | 5.3 | 5.3 | | | cisco | 10y ago | A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense (FTD) Firepower Device Manager (FDM) could allow an unauthenticated, remote attacker to add arbitrary entries to the aud… |
| CVE-2017-3814 | medium | 5.8 | 5.8 | | | cisco | 10y ago | A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass. More I… |
| CVE-2017-3810 | medium | 5.4 | 5.4 | | | cisco | 10y ago | A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack against a user who is logged in to an affected s… |
| CVE-2017-3809 | medium | 5.8 | 5.8 | | | cisco | 10y ago | A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule ba… |
| CVE-2017-3806 | medium | 5.3 | 5.3 | | | cisco | 10y ago | A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to injec… |
| CVE-2017-3802 | medium | 6.1 | 6.1 | | | cisco | 10y ago | A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affect… |
| CVE-2017-3800 | medium | 5.8 | 5.8 | | | cisco | 10y ago | A vulnerability in the content scanning engine of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured message or cont… |
| CVE-2017-3799 | medium | 5.4 | 5.4 | | | cisco | 10y ago | A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T2… |
| CVE-2017-3798 | medium | 6.1 | 6.1 | | | cisco | 10y ago | A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS att… |
| CVE-2017-3797 | medium | 5.3 | 5.3 | | | cisco | 10y ago | A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server. More Information: CSCv… |
| CVE-2017-3795 | medium | 5.4 | 5.4 | | | cisco | 10y ago | A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. More Information: CSCuz03345. K… |
| CVE-2016-9222 | medium | 6.1 | 6.1 | | | cisco | 10y ago | A vulnerability in the web-based management interface of Cisco NetFlow Generation Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a us… |
| CVE-2016-9216 | medium | 5.3 | 5.3 | | | cisco | 10y ago | An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr process of Cisco ASR 5000 Software could allow an unauthenticated, remote attacker to cause the ipsecmgr process to reload. More … |
| CVE-2016-9224 | medium | 6.5 | 6.5 | | | cisco | 10y ago | A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts. More Information: CSCvc31635. Known Affected Releases: 10.… |
| CVE-2016-9214 | medium | 6.1 | 6.1 | | | cisco | 10y ago | Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface… |
| CVE-2016-9209 | medium | 4.3 | 4.3 | | | cisco | 10y ago | A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked. Affected Products: The following… |
| CVE-2016-9208 | medium | 6.5 | 6.5 | | | cisco | 10y ago | A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files i… |
| CVE-2016-9207 | medium | 6.5 | 6.5 | | | cisco | 10y ago | A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full t… |
| CVE-2016-9206 | medium | 6.1 | 6.1 | | | cisco | 10y ago | A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Infor… |
| CVE-2016-9204 | medium | 6.5 | 6.5 | | | cisco | 10y ago | A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account. Affected Products: Cisco Nexus … |
| CVE-2016-9202 | medium | 6.1 | 6.1 | | | cisco | 10y ago | A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XS… |
| CVE-2016-9200 | medium | 6.1 | 6.1 | | | cisco | 10y ago | A vulnerability in the web framework code of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the… |
| CVE-2016-9199 | medium | 6.5 | 6.5 | | | cisco | 10y ago | A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. Affected Products: This vulne… |
| CVE-2016-6471 | medium | 6.5 | 6.5 | | | cisco | 10y ago | A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage P… |
| CVE-2016-6465 | medium | 4.3 | 4.3 | | | cisco | 10y ago | A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances and Cisco Web Security Appliances could allow an unauthenticated, remote attacker … |
| CVE-2016-1411 | medium | 5.9 | 5.9 | | | cisco | 10y ago | A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SM… |
| CVE-2016-6472 | medium | 6.1 | 6.1 | | | cisco | 10y ago | A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) at… |
| CVE-2016-6459 | medium | 5.5 | 5.5 | | | cisco | 10y ago | Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: C… |
| CVE-2016-6457 | medium | 6.5 | 6.5 | | | cisco | 10y ago | A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)… |
| CVE-2016-6454 | medium | 6.5 | 6.5 | | | cisco | 10y ago | A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute u… |
| CVE-2016-6451 | medium | 6.1 | 6.1 | | | cisco | 10y ago | Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against… |
| CVE-2016-6429 | medium | 6.1 | 6.1 | | | cisco | 10y ago | A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) att… |
| CVE-2016-1423 | medium | 6.1 | 6.1 | | | cisco | 10y ago | A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to … |
| CVE-2016-6440 | medium | 6.5 | 6.5 | | | cisco | 10y ago | The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. More Information… |
| CVE-2016-6437 | medium | 5.9 | 5.9 | | | cisco | 10y ago | A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to … |
| CVE-2016-6436 | medium | 6.1 | 6.1 | | | cisco | 10y ago | Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script … |
| CVE-2016-6435 | medium | 6.5 | 7.5 | EXP | | cisco | 10y ago | The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376. |
| CVE-2016-6425 | medium | 6.1 | 6.1 | | | cisco | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers t… |
| CVE-2016-6418 | medium | 6.1 | 6.1 | | | cisco | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.0 through 3.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted… |
| CVE-2016-6416 | medium | 5.9 | 5.9 | | | cisco | 10y ago | The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Manageme… |
| CVE-2016-6420 | medium | 6.5 | 6.5 | | | cisco | 10y ago | Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, ak… |
| CVE-2016-6405 | medium | 6.5 | 6.5 | | | cisco | 10y ago | Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to bypass intended access restrictions and write to arbitrary files via the Cartridge interface, aka Bug ID CSCuz89368. |
| CVE-2016-6401 | medium | 5.3 | 5.3 | | | cisco | 10y ago | Cisco Carrier Routing System (CRS) 5.1 and 5.1.4, as used in CRS Carrier Grade Services for CRS-1 and CRS-3 devices, allows remote attackers to cause a denial of service (line-card reload) via crafte… |
| CVE-2016-6396 | medium | 5.3 | 5.3 | | | cisco | 10y ago | Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafte… |
| CVE-2016-6395 | medium | 5.4 | 5.4 | | | cisco | 10y ago | Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated use… |
| CVE-2016-6370 | medium | 4.3 | 4.3 | | | cisco | 10y ago | Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a … |
| CVE-2016-6375 | medium | 5.3 | 5.3 | | | cisco | 10y ago | Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote attackers to cause a denial of service (device reload) by sendi… |
| CVE-2016-1415 | medium | 5.5 | 6.5 | EXP | | cisco | 10y ago | Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455. |
| CVE-2016-6376 | medium | 6.5 | 6.5 | | | cisco | 10y ago | The Adaptive Wireless Intrusion Prevention System (wIPS) feature on Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allows r… |
| CVE-2016-1471 | medium | 6.1 | 6.1 | | | cisco | 10y ago | Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to inject arbitrary web script … |
| CVE-2016-6365 | medium | 6.1 | 6.1 | | | cisco | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via unspec… |
| CVE-2016-1477 | medium | 6.5 | 6.5 | | | cisco | 10y ago | Cisco Connected Streaming Analytics 1.1.1 allows remote authenticated users to discover a notification service password by reading administrative pages, aka Bug ID CSCuz92891. |
| CVE-2016-6363 | medium | 6.5 | 6.5 | | | cisco | 10y ago | The rate-limit feature in the 802.11 protocol implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a… |
| CVE-2016-6361 | medium | 6.5 | 6.5 | | | cisco | 10y ago | The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a… |
| CVE-2016-6359 | medium | 6.1 | 6.1 | | | cisco | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0) on Smart Call Home Transport Gateway devices allows remote attackers to inject arbitrary web script … |
| CVE-2016-1485 | medium | 6.1 | 6.1 | | | cisco | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876) allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva46497. |
| CVE-2016-1474 | medium | 4.3 | 4.3 | | | cisco | 10y ago | Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a cra… |
| CVE-2016-1467 | medium | 6.5 | 6.5 | | | cisco | 10y ago | Cisco Videoscape Session Resource Manager (VSRM) allows remote attackers to cause a denial of service (device restart) by sending a traffic flood to upstream devices, aka Bug ID CSCva01813. |
| CVE-2016-1462 | medium | 6.1 | 6.1 | | | cisco | 10y ago | Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Prime Service Catalog (PSC) 11.0 allows remote attackers to inject arbitrary web script or HTML via a crafted v… |
| CVE-2016-1460 | medium | 6.5 | 6.5 | | | cisco | 10y ago | Cisco Wireless LAN Controller (WLC) devices 7.4(121.0) and 8.0(0.30220.385) allow remote attackers to cause a denial of service via crafted wireless management frames, aka Bug ID CSCun92979. |
| CVE-2016-1452 | medium | 6.5 | 6.5 | | | cisco | 10y ago | Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526. |
| CVE-2016-1451 | medium | 6.1 | 6.1 | | | cisco | 10y ago | Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Server (formerly Acano Conferencing Server) 1.7 through 1.9 allows remote attackers to inject arbitrary… |
| CVE-2016-1449 | medium | 6.1 | 6.1 | | | cisco | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy92711. |
| CVE-2016-1447 | medium | 6.1 | 6.1 | | | cisco | 10y ago | Cross-site scripting (XSS) vulnerability in the administrator interface in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka … |
| CVE-2016-1445 | medium | 5.3 | 5.3 | | | cisco | 10y ago | Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 allows remote attackers to bypass intended ICMP Echo Reply ACLs via vectors related to subtypes. |
| CVE-2016-1444 | medium | 6.5 | 6.5 | | | cisco | 10y ago | The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote att… |
| CVE-2016-1440 | medium | 5.3 | 5.3 | | | cisco | 10y ago | The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote attackers to cause a denial of service (CPU consumption) by establishing an FTP session and then improp… |
| CVE-2016-1439 | medium | 6.1 | 6.1 | | | cisco | 10y ago | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center Enterprise through 10.5(2) allows remote attackers to inject arbitrary web script or HTML via a cr… |
| CVE-2016-1437 | medium | 6.5 | 6.5 | | | cisco | 10y ago | SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID… |
| CVE-2016-1431 | medium | 6.1 | 6.1 | | | cisco | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, … |
| CVE-2016-1413 | medium | 6.5 | 6.5 | | | cisco | 10y ago | The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517. |
| CVE-2016-1401 | medium | 6.1 | 6.1 | | | cisco | 10y ago | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML vi… |
| CVE-2016-1377 | medium | 6.1 | 6.1 | | | cisco | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776. |
| CVE-2016-1375 | medium | 6.1 | 6.1 | | | cisco | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability and Collaboration System 4.10(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSC… |
| CVE-2016-1338 | medium | 6.5 | 6.5 | | | cisco | 10y ago | Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026. |
| CVE-2016-1358 | medium | 6.4 | 6.4 | | | cisco | 10y ago | Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration … |
| CVE-2016-1357 | medium | 5.3 | 5.3 | | | cisco | 10y ago | The password-management administration component in Cisco Policy Suite (CPS) 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, and 7.5.0 allows remote attackers to bypass intended RBAC restrictions an… |
| CVE-2016-1356 | low | 3.7 | 3.7 | | | cisco | 10y ago | Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing dif… |
| CVE-2016-1288 | medium | 5.3 | 5.3 | | | cisco | 10y ago | The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x before 9.0.0-485 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (service outage) by lev… |
| CVE-2016-1355 | medium | 6.1 | 6.1 | | | cisco | 10y ago | Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTM… |
| CVE-2016-1354 | medium | 6.1 | 6.1 | | | cisco | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data,… |
| CVE-2016-1353 | medium | 5.3 | 5.3 | | | cisco | 10y ago | The TCP implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.3(0), 3.3(1), 4.0(0), and 4.1(0) does not properly initiate new TCP sessions when a previous session is… |
| CVE-2016-1342 | medium | 5.3 | 5.3 | | | cisco | 10y ago | The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID C… |
| CVE-2016-1324 | medium | 5.3 | 5.3 | | | cisco | 11y ago | The REST interface in Cisco Spark 2015-06 allows remote attackers to cause a denial of service (resource outage) by accessing an administrative page, aka Bug ID CSCuv84125. |
| CVE-2016-1323 | medium | 4.3 | 4.3 | | | cisco | 11y ago | The REST interface in Cisco Spark 2015-06 allows remote authenticated users to obtain sensitive information via a request for an unspecified file, aka Bug ID CSCuv84048. |
| CVE-2016-1320 | medium | 6.7 | 6.7 | | | cisco | 11y ago | The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286. |
| CVE-2016-1318 | medium | 6.1 | 6.1 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via craft… |
| CVE-2016-1316 | medium | 5.3 | 5.3 | | | cisco | 11y ago | Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct r… |