| CVE-2016-6361 |
medium |
6.5 |
6.5 |
|
|
cisco |
10y ago |
The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a… |
| CVE-2016-6359 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0) on Smart Call Home Transport Gateway devices allows remote attackers to inject arbitrary web script … |
| CVE-2016-1485 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876) allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva46497. |
| CVE-2016-1474 |
medium |
4.3 |
4.3 |
|
|
cisco |
10y ago |
Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a cra… |
| CVE-2016-1467 |
medium |
6.5 |
6.5 |
|
|
cisco |
10y ago |
Cisco Videoscape Session Resource Manager (VSRM) allows remote attackers to cause a denial of service (device restart) by sending a traffic flood to upstream devices, aka Bug ID CSCva01813. |
| CVE-2016-1462 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Prime Service Catalog (PSC) 11.0 allows remote attackers to inject arbitrary web script or HTML via a crafted v… |
| CVE-2016-1460 |
medium |
6.5 |
6.5 |
|
|
cisco |
10y ago |
Cisco Wireless LAN Controller (WLC) devices 7.4(121.0) and 8.0(0.30220.385) allow remote attackers to cause a denial of service via crafted wireless management frames, aka Bug ID CSCun92979. |
| CVE-2016-1452 |
medium |
6.5 |
6.5 |
|
|
cisco |
10y ago |
Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526. |
| CVE-2016-1451 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Server (formerly Acano Conferencing Server) 1.7 through 1.9 allows remote attackers to inject arbitrary… |
| CVE-2016-1449 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
Cross-site scripting (XSS) vulnerability in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy92711. |
| CVE-2016-1447 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
Cross-site scripting (XSS) vulnerability in the administrator interface in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka … |
| CVE-2016-1445 |
medium |
5.3 |
5.3 |
|
|
cisco |
10y ago |
Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 allows remote attackers to bypass intended ICMP Echo Reply ACLs via vectors related to subtypes. |
| CVE-2016-1444 |
medium |
6.5 |
6.5 |
|
|
cisco |
10y ago |
The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote att… |
| CVE-2016-1440 |
medium |
5.3 |
5.3 |
|
|
cisco |
10y ago |
The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote attackers to cause a denial of service (CPU consumption) by establishing an FTP session and then improp… |
| CVE-2016-1416 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bu… |
| CVE-2016-1289 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information … |
| CVE-2016-1439 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center Enterprise through 10.5(2) allows remote attackers to inject arbitrary web script or HTML via a cr… |
| CVE-2016-1437 |
medium |
6.5 |
6.5 |
|
|
cisco |
10y ago |
SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID… |
| CVE-2016-1431 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, … |
| CVE-2016-1388 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2… |
| CVE-2016-1413 |
medium |
6.5 |
6.5 |
|
|
cisco |
10y ago |
The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517. |
| CVE-2016-1401 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML vi… |
| CVE-2016-1387 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles aut… |
| CVE-2016-1343 |
critical |
10.0 |
10.0 |
|
|
cisco |
10y ago |
The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in co… |
| CVE-2016-1352 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856. |
| CVE-2016-1377 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776. |
| CVE-2016-1375 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability and Collaboration System 4.10(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSC… |
| CVE-2016-1313 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to… |
| CVE-2016-1291 |
critical |
9.8 |
9.8 |
|
|
cisco |
10y ago |
Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POS… |
| CVE-2016-1338 |
medium |
6.5 |
6.5 |
|
|
cisco |
10y ago |
Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026. |
| CVE-2016-1358 |
medium |
6.4 |
6.4 |
|
|
cisco |
10y ago |
Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration … |
| CVE-2016-1357 |
medium |
5.3 |
5.3 |
|
|
cisco |
10y ago |
The password-management administration component in Cisco Policy Suite (CPS) 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, and 7.5.0 allows remote attackers to bypass intended RBAC restrictions an… |
| CVE-2016-1356 |
low |
3.7 |
3.7 |
|
|
cisco |
10y ago |
Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing dif… |
| CVE-2016-1288 |
medium |
5.3 |
5.3 |
|
|
cisco |
10y ago |
The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x before 9.0.0-485 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (service outage) by lev… |
| CVE-2016-1355 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTM… |
| CVE-2016-1354 |
medium |
6.1 |
6.1 |
|
|
cisco |
10y ago |
Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data,… |
| CVE-2016-1353 |
medium |
5.3 |
5.3 |
|
|
cisco |
10y ago |
The TCP implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.3(0), 3.3(1), 4.0(0), and 4.1(0) does not properly initiate new TCP sessions when a previous session is… |
| CVE-2016-1342 |
medium |
5.3 |
5.3 |
|
|
cisco |
10y ago |
The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID C… |
| CVE-2016-1324 |
medium |
5.3 |
5.3 |
|
|
cisco |
11y ago |
The REST interface in Cisco Spark 2015-06 allows remote attackers to cause a denial of service (resource outage) by accessing an administrative page, aka Bug ID CSCuv84125. |
| CVE-2016-1323 |
medium |
4.3 |
4.3 |
|
|
cisco |
11y ago |
The REST interface in Cisco Spark 2015-06 allows remote authenticated users to obtain sensitive information via a request for an unspecified file, aka Bug ID CSCuv84048. |
| CVE-2016-1320 |
medium |
6.7 |
6.7 |
|
|
cisco |
11y ago |
The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286. |
| CVE-2016-1318 |
medium |
6.1 |
6.1 |
|
|
cisco |
11y ago |
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via craft… |
| CVE-2016-1316 |
medium |
5.3 |
5.3 |
|
|
cisco |
11y ago |
Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct r… |
| CVE-2016-1309 |
medium |
6.1 |
6.1 |
|
|
cisco |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meetings Server 2.5.1.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy01… |
| CVE-2016-1305 |
medium |
6.1 |
6.1 |
|
|
cisco |
11y ago |
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vecto… |
| CVE-2016-1311 |
medium |
6.1 |
6.1 |
|
|
cisco |
11y ago |
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10.6(8) allows remote attackers to inject arbitrary web script or HTML via the host tag parameter, ak… |
| CVE-2016-1304 |
medium |
6.1 |
6.1 |
|
|
cisco |
11y ago |
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596. |
| CVE-2016-1300 |
medium |
6.1 |
6.1 |
|
|
cisco |
11y ago |
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582. |
| CVE-2016-1298 |
medium |
6.1 |
6.1 |
|
|
cisco |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via ve… |
| CVE-2015-6337 |
medium |
6.1 |
6.1 |
|
|
cisco |
11y ago |
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 allows remote attackers to inject arbitrary web script or HTML via a … |
| CVE-2015-6317 |
medium |
6.5 |
6.5 |
|
|
cisco |
11y ago |
Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926. |
| CVE-2015-6435 |
critical |
9.8 |
9.8 |
|
|
cisco |
11y ago |
An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows r… |
| CVE-2016-1294 |
medium |
6.1 |
6.1 |
|
|
cisco |
11y ago |
Cross-site scripting (XSS) vulnerability in the Management Center in Cisco FireSIGHT System Software 6.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted cookie, aka Bug… |
| CVE-2016-1293 |
medium |
6.1 |
6.1 |
|
|
cisco |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspe… |
| CVE-2015-6323 |
critical |
9.8 |
9.8 |
|
|
cisco |
11y ago |
The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrativ… |
| CVE-2015-6314 |
critical |
9.8 |
9.8 |
|
|
cisco |
11y ago |
Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bu… |
| CVE-2015-6434 |
medium |
6.1 |
6.1 |
|
|
cisco |
11y ago |
Cisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted we… |
| CVE-2015-6433 |
medium |
6.5 |
6.5 |
|
|
cisco |
11y ago |
SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767. |
| CVE-2015-6409 |
medium |
5.9 |
5.9 |
|
|
cisco |
11y ago |
Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks and trigger cleartext XMPP sessions via unspecified vectors, aka Bug ID CSC… |
| CVE-2015-6427 |
medium |
— |
5.0 |
|
|
cisco |
11y ago |
Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka … |
| CVE-2015-6425 |
medium |
— |
5.0 |
|
|
cisco |
11y ago |
The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session … |
| CVE-2015-6411 |
medium |
— |
5.0 |
|
|
cisco |
11y ago |
Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by… |
| CVE-2015-6404 |
medium |
— |
4.0 |
|
|
cisco |
11y ago |
Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SO… |
| CVE-2015-6399 |
medium |
— |
6.8 |
|
|
cisco |
11y ago |
The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted param… |
| CVE-2015-4206 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266. |
| CVE-2015-6422 |
medium |
— |
4.0 |
|
|
cisco |
11y ago |
The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed reques… |
| CVE-2015-6416 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML via a crafte… |
| CVE-2015-6410 |
medium |
— |
4.0 |
|
|
cisco |
11y ago |
The Mobile and Remote Access (MRA) services implementation in Cisco Unified Communications Manager mishandles edge-device identity validation, which allows remote attackers to bypass intended call-re… |
| CVE-2015-6378 |
medium |
— |
6.8 |
|
|
cisco |
11y ago |
Cross-site request forgery (CSRF) vulnerability on Cisco DPQ3925 devices with EDVA 5.5.2 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv05943. |
| CVE-2015-6418 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS… |
| CVE-2015-6414 |
low |
— |
2.1 |
|
|
cisco |
11y ago |
Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same encryption key across different customers' installations, which makes it easier for local users to defeat cryptographic protecti… |
| CVE-2015-6413 |
medium |
— |
4.0 |
|
|
cisco |
11y ago |
Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiti… |
| CVE-2015-6407 |
medium |
— |
4.0 |
|
|
cisco |
11y ago |
Cisco Emergency Responder 10.5(3.10000.9) allows remote attackers to upload files to arbitrary locations via a crafted parameter, aka Bug ID CSCuv25501. |
| CVE-2015-6406 |
medium |
— |
4.0 |
|
|
cisco |
11y ago |
Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv… |
| CVE-2015-6405 |
medium |
— |
6.8 |
|
|
cisco |
11y ago |
Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501. |
| CVE-2015-6400 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 10.5(1a) allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547. |
| CVE-2015-6389 |
critical |
— |
9.0 |
|
|
cisco |
11y ago |
Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account'… |
| CVE-2015-6419 |
medium |
— |
6.8 |
|
|
cisco |
11y ago |
Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410. |
| CVE-2015-6408 |
medium |
— |
6.8 |
|
|
cisco |
11y ago |
Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578. |
| CVE-2015-6417 |
medium |
— |
6.5 |
|
|
cisco |
11y ago |
Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to databa… |
| CVE-2015-6395 |
medium |
— |
6.5 |
|
|
cisco |
11y ago |
Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID C… |
| CVE-2015-6388 |
medium |
— |
5.0 |
|
|
cisco |
11y ago |
Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575. |
| CVE-2015-6387 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL,… |
| CVE-2015-6384 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
The Cisco WebEx Meetings application before 8.5.1 for Android improperly initializes custom application permissions, which allows attackers to bypass intended access restrictions via a crafted applic… |
| CVE-2015-6390 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unity Connection 9.1(1.10) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, a… |
| CVE-2015-6386 |
medium |
— |
5.0 |
|
|
cisco |
11y ago |
The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8.0.7-142 and 8.5.1-021 allows remote attackers to cause a denial of service (CPU consumption) via FTP sessions… |
| CVE-2015-6382 |
medium |
— |
5.0 |
|
|
cisco |
11y ago |
Cisco ASR 5000 devices with software 16.0(900) allow remote attackers to cause a denial of service (telnetd process restart) via a TELNET connection, aka Bug ID CSCuv25815. |
| CVE-2015-6376 |
medium |
— |
6.8 |
|
|
cisco |
11y ago |
Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv… |
| CVE-2015-6357 |
medium |
— |
6.8 |
|
|
cisco |
11y ago |
The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle at… |
| CVE-2015-6330 |
medium |
— |
6.8 |
|
|
cisco |
11y ago |
Cross-site request forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5(1) and 10.6 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus62712. |
| CVE-2015-6364 |
medium |
— |
5.0 |
|
|
cisco |
11y ago |
Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager allows remote attackers to obtain sensitive information via crafted URLs in REST API requests, aka … |
| CVE-2015-6363 |
low |
— |
3.5 |
|
|
cisco |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco FireSIGHT Management Center (MC) 5.4.1.4 and 6.0.1 allow remote authenticated users to inject arbitrary web script or… |
| CVE-2015-6362 |
medium |
— |
4.0 |
|
|
cisco |
11y ago |
The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by… |
| CVE-2015-6316 |
medium |
— |
6.5 |
|
|
cisco |
11y ago |
The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by … |
| CVE-2015-6298 |
critical |
— |
9.0 |
|
|
cisco |
11y ago |
The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) device… |
| CVE-2015-4282 |
medium |
— |
6.9 |
|
|
cisco |
11y ago |
Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID CSCuv405… |
| CVE-2015-6356 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuw60212. |
| CVE-2015-6355 |
medium |
— |
5.0 |
|
|
cisco |
11y ago |
The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on blade servers allows remote attackers to obtain potentially sensitive version information by visiting an unspecified URL, aka Bug… |
| CVE-2015-6354 |
low |
— |
3.5 |
|
|
cisco |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT Management Center (MC) 5.4.1.3 and 6.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified p… |
| CVE-2015-6353 |
low |
— |
3.5 |
|
|
cisco |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT Management Center (MC) 5.3.1.5 and 5.4.x through 5.4.1.3 allow remote authenticated users to inject arbitrary web script or HTML… |