| CVE-2016-1305 | medium | 6.1 | 6.1 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vecto… |
| CVE-2016-1311 | medium | 6.1 | 6.1 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10.6(8) allows remote attackers to inject arbitrary web script or HTML via the host tag parameter, ak… |
| CVE-2016-1304 | medium | 6.1 | 6.1 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596. |
| CVE-2016-1300 | medium | 6.1 | 6.1 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582. |
| CVE-2016-1298 | medium | 6.1 | 6.1 | | | cisco | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via ve… |
| CVE-2015-6337 | medium | 6.1 | 6.1 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 allows remote attackers to inject arbitrary web script or HTML via a … |
| CVE-2015-6317 | medium | 6.5 | 6.5 | | | cisco | 11y ago | Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926. |
| CVE-2016-1294 | medium | 6.1 | 6.1 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in the Management Center in Cisco FireSIGHT System Software 6.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted cookie, aka Bug… |
| CVE-2016-1293 | medium | 6.1 | 6.1 | | | cisco | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspe… |
| CVE-2015-6434 | medium | 6.1 | 6.1 | | | cisco | 11y ago | Cisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted we… |
| CVE-2015-6433 | medium | 6.5 | 6.5 | | | cisco | 11y ago | SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767. |
| CVE-2015-6409 | medium | 5.9 | 5.9 | | | cisco | 11y ago | Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks and trigger cleartext XMPP sessions via unspecified vectors, aka Bug ID CSC… |
| CVE-2015-6427 | medium | — | 5.0 | | | cisco | 11y ago | Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka … |
| CVE-2015-6425 | medium | — | 5.0 | | | cisco | 11y ago | The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session … |
| CVE-2015-6411 | medium | — | 5.0 | | | cisco | 11y ago | Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by… |
| CVE-2015-6404 | medium | — | 4.0 | | | cisco | 11y ago | Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SO… |
| CVE-2015-6399 | medium | — | 6.8 | | | cisco | 11y ago | The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted param… |
| CVE-2015-4206 | medium | — | 4.3 | | | cisco | 11y ago | Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266. |
| CVE-2015-6422 | medium | — | 4.0 | | | cisco | 11y ago | The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed reques… |
| CVE-2015-6416 | medium | — | 4.3 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML via a crafte… |
| CVE-2015-6410 | medium | — | 4.0 | | | cisco | 11y ago | The Mobile and Remote Access (MRA) services implementation in Cisco Unified Communications Manager mishandles edge-device identity validation, which allows remote attackers to bypass intended call-re… |
| CVE-2015-6378 | medium | — | 6.8 | | | cisco | 11y ago | Cross-site request forgery (CSRF) vulnerability on Cisco DPQ3925 devices with EDVA 5.5.2 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv05943. |
| CVE-2015-6418 | medium | — | 4.3 | | | cisco | 11y ago | The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS… |
| CVE-2015-6413 | medium | — | 4.0 | | | cisco | 11y ago | Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiti… |
| CVE-2015-6407 | medium | — | 4.0 | | | cisco | 11y ago | Cisco Emergency Responder 10.5(3.10000.9) allows remote attackers to upload files to arbitrary locations via a crafted parameter, aka Bug ID CSCuv25501. |
| CVE-2015-6406 | medium | — | 4.0 | | | cisco | 11y ago | Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv… |
| CVE-2015-6405 | medium | — | 6.8 | | | cisco | 11y ago | Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501. |
| CVE-2015-6400 | medium | — | 4.3 | | | cisco | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 10.5(1a) allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547. |
| CVE-2015-6419 | medium | — | 6.8 | | | cisco | 11y ago | Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410. |
| CVE-2015-6408 | medium | — | 6.8 | | | cisco | 11y ago | Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578. |
| CVE-2015-6417 | medium | — | 6.5 | | | cisco | 11y ago | Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to databa… |
| CVE-2015-6395 | medium | — | 6.5 | | | cisco | 11y ago | Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID C… |
| CVE-2015-6388 | medium | — | 5.0 | | | cisco | 11y ago | Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575. |
| CVE-2015-6387 | medium | — | 4.3 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL,… |
| CVE-2015-6384 | medium | — | 4.3 | | | cisco | 11y ago | The Cisco WebEx Meetings application before 8.5.1 for Android improperly initializes custom application permissions, which allows attackers to bypass intended access restrictions via a crafted applic… |
| CVE-2015-6390 | medium | — | 4.3 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unity Connection 9.1(1.10) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, a… |
| CVE-2015-6386 | medium | — | 5.0 | | | cisco | 11y ago | The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8.0.7-142 and 8.5.1-021 allows remote attackers to cause a denial of service (CPU consumption) via FTP sessions… |
| CVE-2015-6382 | medium | — | 5.0 | | | cisco | 11y ago | Cisco ASR 5000 devices with software 16.0(900) allow remote attackers to cause a denial of service (telnetd process restart) via a TELNET connection, aka Bug ID CSCuv25815. |
| CVE-2015-6376 | medium | — | 6.8 | | | cisco | 11y ago | Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv… |
| CVE-2015-6357 | medium | — | 6.8 | | | cisco | 11y ago | The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle at… |
| CVE-2015-6330 | medium | — | 6.8 | | | cisco | 11y ago | Cross-site request forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5(1) and 10.6 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus62712. |
| CVE-2015-6364 | medium | — | 5.0 | | | cisco | 11y ago | Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager allows remote attackers to obtain sensitive information via crafted URLs in REST API requests, aka … |
| CVE-2015-6362 | medium | — | 4.0 | | | cisco | 11y ago | The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by… |
| CVE-2015-6316 | medium | — | 6.5 | | | cisco | 11y ago | The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by … |
| CVE-2015-4282 | medium | — | 6.9 | | | cisco | 11y ago | Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID CSCuv405… |
| CVE-2015-6356 | medium | — | 4.3 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuw60212. |
| CVE-2015-6355 | medium | — | 5.0 | | | cisco | 11y ago | The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on blade servers allows remote attackers to obtain potentially sensitive version information by visiting an unspecified URL, aka Bug… |
| CVE-2015-6352 | medium | — | 4.3 | | | cisco | 11y ago | Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to ma… |
| CVE-2015-6351 | medium | — | 5.0 | | | cisco | 11y ago | Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and 19.2.0 allow remote attackers to cause a denial of service (BGP process restart) via a crafted header… |
| CVE-2015-6350 | medium | — | 6.5 | | | cisco | 11y ago | SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843. |
| CVE-2015-6349 | medium | — | 4.3 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HT… |
| CVE-2015-6348 | medium | — | 4.0 | | | cisco | 11y ago | The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read repor… |
| CVE-2015-6347 | medium | — | 4.0 | | | cisco | 11y ago | The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an uns… |
| CVE-2015-6346 | medium | — | 4.3 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2015-6345 | medium | — | 6.5 | | | cisco | 11y ago | SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug… |
| CVE-2015-6340 | medium | — | 5.0 | | | cisco | 11y ago | The Proxy Mobile IPv6 (PMIPv6) component in the CDMA implementation on Cisco ASR 5000 devices with software 19.0.M0.60737 allows remote attackers to cause a denial of service (hamgr process restart) … |
| CVE-2015-6332 | medium | — | 5.0 | | | cisco | 11y ago | Cisco Prime Infrastructure 2.2 allows remote attackers to cause a denial of service (daemon hang) by sending many SSL renegotiation requests, aka Bug ID CSCuv56830. |
| CVE-2015-6328 | medium | — | 6.8 | | | cisco | 11y ago | The web framework in Cisco Prime Collaboration Assurance (PCA) 10.5(1) allows remote authenticated users to bypass intended access restrictions and read arbitrary files via a crafted URL, aka Bug ID … |
| CVE-2015-6331 | medium | — | 6.5 | | | cisco | 11y ago | SQL injection vulnerability in the web framework in Cisco Prime Collaboration Assurance 10.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID… |
| CVE-2015-6329 | medium | — | 6.5 | | | cisco | 11y ago | SQL injection vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut64074. |
| CVE-2015-6322 | medium | — | 6.6 | | | cisco | 11y ago | The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-… |
| CVE-2015-6318 | medium | — | 6.9 | | | cisco | 11y ago | Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 and X8.5.2 allows local users to write to arbitrary files via an unspecified symlink attack, aka Bug ID CSCuv11969. |
| CVE-2015-4325 | medium | — | 6.9 | | | cisco | 11y ago | The process-management implementation in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges by terminating a firestarter.py supervised process… |
| CVE-2015-4265 | medium | — | 4.9 | | | cisco | 11y ago | Cisco Unified Computing System (UCS) B Blade Server Software 2.2.x before 2.2.6 allows local users to cause a denial of service (host OS or BMC hang) by sending crafted packets over the Inter-IC (I2C… |
| CVE-2015-6311 | medium | — | 6.1 | | | cisco | 11y ago | Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i manage… |
| CVE-2015-6310 | medium | — | 5.0 | | | cisco | 11y ago | The REST interface in Cisco Unified Communications Manager IM and Presence Service 11.5(1) allows remote attackers to cause a denial of service (SIP proxy service restart) via a crafted HTTP request,… |
| CVE-2015-6307 | medium | — | 6.1 | | | cisco | 11y ago | Cisco FirePOWER (formerly Sourcefire) 7000 and 8000 devices with software 5.4.0.1 allow remote attackers to cause a denial of service (inspection-engine outage) via crafted packets, aka Bug ID CSCuu1… |
| CVE-2015-6304 | medium | — | 6.8 | | | cisco | 11y ago | Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Server software 3.0(2.24) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCut63718, CSCut6… |
| CVE-2015-6303 | medium | — | 4.3 | | | cisco | 11y ago | The Cisco Spark application 2015-07-04 for mobile operating systems does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain … |
| CVE-2015-6300 | medium | — | 4.0 | | | cisco | 11y ago | Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, a… |
| CVE-2015-6299 | medium | — | 6.5 | | | cisco | 11y ago | SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug… |
| CVE-2015-4305 | medium | — | 4.0 | | | cisco | 11y ago | The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP… |
| CVE-2015-6290 | medium | — | 4.3 | | | cisco | 11y ago | Cisco Web Security Appliance (WSA) 8.0.7 allows remote HTTP servers to cause a denial of service (memory consumption from stale TCP connections) via crafted responses, aka Bug ID CSCuw10426. |
| CVE-2015-6288 | medium | — | 5.0 | | | cisco | 11y ago | Cisco Content Security Management Appliance (SMA) 7.8.0-000 does not properly validate credentials, which allows remote attackers to cause a denial of service (rapid log-file rollover and application… |
| CVE-2015-6287 | medium | — | 5.0 | | | cisco | 11y ago | Cisco Web Security Appliance (WSA) 8.0.6-078 and 8.0.6-115 allows remote attackers to cause a denial of service (service outage) via a flood of TCP traffic that leads to DNS resolution delays, aka Bu… |
| CVE-2015-6286 | medium | — | 5.7 | | | cisco | 11y ago | Cisco Application Visibility and Control (AVC) 15.3(3)JA, when FlexConnect is enabled, allows remote attackers to cause a denial of service (access-point outage) via a crafted UDP packet, aka Bug ID … |
| CVE-2015-6277 | medium | — | 6.1 | | | cisco | 11y ago | The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and … |
| CVE-2015-6274 | medium | — | 5.0 | | | cisco | 11y ago | The IPv4 implementation on Cisco ASR 1000 devices with software 15.5(3)S allows remote attackers to cause a denial of service (ESP QFP CPU consumption) by triggering packet fragmentation and reassemb… |
| CVE-2015-4330 | medium | — | 6.9 | | | cisco | 11y ago | A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv105… |
| CVE-2015-6266 | medium | — | 5.0 | | | cisco | 11y ago | The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from custom… |
| CVE-2015-6261 | medium | — | 4.0 | | | cisco | 11y ago | Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile an… |
| CVE-2015-6262 | medium | — | 6.8 | | | cisco | 11y ago | Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 a… |
| CVE-2015-6256 | medium | — | 5.0 | | | cisco | 11y ago | Cisco ASR 5000 devices with software 19.0.M0.60828 allow remote attackers to cause a denial of service (OSPF process restart) via crafted length fields in headers of OSPF packets, aka Bug ID CSCuv628… |
| CVE-2015-4318 | medium | — | 5.0 | | | cisco | 11y ago | Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in a GET request, aka Bug ID CSCuv40528. |
| CVE-2015-4329 | medium | — | 6.5 | | | cisco | 11y ago | The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, aka Bug ID … |
| CVE-2015-4319 | medium | — | 5.5 | | | cisco | 11y ago | The password-change feature in the administrative web interface in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 improperly performs authorization, which allows remote authent… |
| CVE-2015-4316 | medium | — | 5.5 | | | cisco | 11y ago | The Mobile and Remote Access (MRA) endpoint-validation feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly validates the phone line used for registration, whic… |
| CVE-2015-4303 | medium | — | 6.5 | | | cisco | 11y ago | Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary commands in the context of the nobody user account via an unspecified web-page parame… |
| CVE-2015-4328 | medium | — | 4.0 | | | cisco | 11y ago | Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS comma… |
| CVE-2015-4320 | medium | — | 4.0 | | | cisco | 11y ago | The Configuration Log File component in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to obtain sensitive information by reading a log file, … |
| CVE-2015-4317 | medium | — | 5.0 | | | cisco | 11y ago | Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in an authentication packet, aka Bug ID CSCuv40469. |
| CVE-2015-4315 | medium | — | 5.5 | | | cisco | 11y ago | The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitra… |
| CVE-2015-4314 | medium | — | 4.0 | | | cisco | 11y ago | The System Snapshot feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 allows remote authenticated users to obtain sensitive password-hash information by reading the sna… |
| CVE-2015-4323 | medium | — | 6.1 | | | cisco | 11y ago | Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.9); Nexus 3000 devices 6.0(2)U5(1.41), 7.0(3)I2(0.373), and 7.3(0)ZN(0.83); Nexus 4000 devices 4.1(2)E1(1b); Nexus … |
| CVE-2015-4310 | medium | — | 4.3 | | | cisco | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse 10.5(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request,… |
| CVE-2015-6255 | medium | — | 4.3 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-Mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via a crafted chat message, aka Bug … |
| CVE-2015-4324 | medium | — | 6.1 | | | cisco | 11y ago | Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.81), Nexus 3000 devices 7.3(0)ZN(0.81), Nexus 4000 devices 4.1(2)E1(1c), Nexus 7000 devices 7.2(0)N1(0.1), and Nexu… |
| CVE-2015-4322 | medium | — | 5.5 | | | cisco | 11y ago | Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users t… |
| CVE-2015-4299 | medium | — | 5.5 | | | cisco | 11y ago | Cisco Unified Web and E-Mail Interaction Manager 9.0(2) improperly performs authorization, which allows remote authenticated users to remove default messaging-queue system folders via unspecified vec… |
| CVE-2015-4298 | medium | — | 6.5 | | | cisco | 11y ago | Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) improperly performs authorization, which allows remote authenticated users to read or write to stored data via unspecified vectors,… |