| CVE-2015-0700 |
medium |
— |
6.8 |
|
|
cisco |
11y ago |
Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attac… |
| CVE-2015-0699 |
medium |
— |
5.0 |
|
|
cisco |
11y ago |
SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands … |
| CVE-2015-0698 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allow remote attackers to inject ar… |
| CVE-2015-0696 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
Cross-site scripting (XSS) vulnerability in the login page in Cisco TC Software before 7.1.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to inject arbi… |
| CVE-2015-0684 |
medium |
— |
6.5 |
|
|
cisco |
11y ago |
SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified… |
| CVE-2015-0683 |
medium |
— |
4.0 |
|
|
cisco |
11y ago |
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744. |
| CVE-2015-0682 |
medium |
— |
6.5 |
|
|
cisco |
11y ago |
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168. |
| CVE-2015-0680 |
medium |
— |
4.0 |
|
|
cisco |
11y ago |
Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq4… |
| CVE-2015-0671 |
medium |
— |
5.0 |
|
|
cisco |
11y ago |
The DNS implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.2(1) allows remote attackers to cause a denial of service (CPU consumption and network-resource consump… |
| CVE-2015-0668 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
Cross-site scripting (XSS) vulnerability in the administration portal in Cisco WebEx Meetings Server 2.5 and 2.5.99.2 allows remote attackers to inject arbitrary web script or HTML via unspecified ve… |
| CVE-2015-0664 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted m… |
| CVE-2015-0665 |
medium |
— |
6.6 |
|
|
cisco |
11y ago |
The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173. |
| CVE-2015-0663 |
medium |
— |
6.6 |
|
|
cisco |
11y ago |
Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which allows local users to write to arbitrary files via crafted messages,… |
| CVE-2014-2130 |
medium |
— |
6.5 |
|
|
cisco |
11y ago |
Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configu… |
| CVE-2015-0655 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vect… |
| CVE-2015-0651 |
medium |
— |
6.8 |
|
|
cisco |
11y ago |
Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows… |
| CVE-2015-0594 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers… |
| CVE-2015-0633 |
medium |
— |
6.8 |
|
|
cisco |
11y ago |
The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.4(7h) and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending cr… |
| CVE-2015-0626 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
The SOAP interface in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to obtain access to system-management tools via crafted Challenge SOAP calls, aka Bug ID CSCuc38114. |
| CVE-2015-0620 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
The XML parser in Cisco TelePresence Management Suite (TMS) 14.3(.2) and earlier does not properly handle external entities, which allows remote authenticated users to cause a denial of service via P… |
| CVE-2015-0617 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices allow remote attackers to cause a denial of service (CPU consumption and SNMP outage) via malformed SNMP packets, aka Bug ID CSCur13… |
| CVE-2014-8023 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users t… |
| CVE-2015-0580 |
medium |
— |
6.5 |
|
|
cisco |
12y ago |
Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute ar… |
| CVE-2014-3365 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via crafted input to the… |
| CVE-2014-2153 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in INSERT pages in Cisco Prime Infrastructure allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID … |
| CVE-2014-2152 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
Cross-site request forgery (CSRF) vulnerability in the INSERT page in Cisco Prime Infrastructure (PI) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun21868. |
| CVE-2014-2147 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
The web interface in Cisco Prime Infrastructure 2.1 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspe… |
| CVE-2013-5557 |
medium |
— |
6.3 |
|
|
cisco |
12y ago |
The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software 9.1(.2) and earlier allows remote authenticated users to cause a denial of servic… |
| CVE-2014-8021 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitra… |
| CVE-2015-0597 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to enumerate administrative accounts via crafted packets, aka Bug IDs CSCuj67166 and CSCuj67… |
| CVE-2015-0596 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj67163. |
| CVE-2015-0595 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The XMLAPI in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading return messages from crafted GET requests, aka Bug ID CSCuj67079. |
| CVE-2014-8008 |
medium |
— |
7.8 |
EXP |
|
cisco |
12y ago |
Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full p… |
| CVE-2015-0590 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Cisco WebEx Meeting Center allows remote attackers to activate disabled meeting attributes, and consequently obtain sensitive information, by providing crafted parameters during a meeting-join action… |
| CVE-2015-0591 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to cause a denial of service (daemon hang and GUI outage) via a flood of malformed TCP packets, aka Bug ID CSCur44177. |
| CVE-2015-0588 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055. |
| CVE-2014-8034 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing username… |
| CVE-2014-8022 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity Services Engine allow remote attackers to inject arbitrary web script or HTML via input to unspecified web pages, aka Bug IDs CSC… |
| CVE-2015-0583 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Cisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281. |
| CVE-2015-0579 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway allow remote attackers to cause a denial of service (memory and CPU consumption, and partial outage) via crafted SIP packets, … |
| CVE-2014-3314 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka … |
| CVE-2014-8036 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which allows remote attackers to modify a meeting's invite list via a crafted URL, aka Bug ID CSCuj40254. |
| CVE-2014-8035 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The web framework in Cisco WebEx Meetings Server produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts… |
| CVE-2014-8020 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Cisco Unified Communication Domain Manager Platform Software allows remote attackers to cause a denial of service (CPU consumption, and performance degradation or service outage) via a flood of malfo… |
| CVE-2014-8033 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The play/modules component in Cisco WebEx Meetings Server allows remote attackers to obtain administrator access via crafted API requests, aka Bug ID CSCuj40421. |
| CVE-2014-8032 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
The OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive encrypted-password information via unspecified vectors, aka Bug IDs CSCuj40453 and CSCuj40449. |
| CVE-2014-8031 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj40456. |
| CVE-2014-8030 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote attackers to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381. |
| CVE-2014-8029 |
medium |
— |
5.8 |
|
|
cisco |
12y ago |
Open redirect vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspe… |
| CVE-2014-8028 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified para… |
| CVE-2014-8027 |
medium |
— |
6.5 |
|
|
cisco |
12y ago |
The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via … |
| CVE-2014-7994 |
medium |
— |
5.4 |
|
|
cisco |
12y ago |
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and … |
| CVE-2014-7993 |
low |
— |
3.3 |
|
|
cisco |
12y ago |
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local networ… |
| CVE-2014-8026 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Cross-site scripting (XSS) vulnerability in the Guest Server in Cisco Jabber allows remote attackers to inject arbitrary web script or HTML via a (1) GET or (2) POST parameter, aka Bug ID CSCus08074. |
| CVE-2014-8025 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
The API in the Guest Server in Cisco Jabber, when HTML5 is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST response, aka Bug I… |
| CVE-2014-8024 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
The API in the Guest Server in Cisco Jabber, when the HTML5 CORS feature is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST re… |
| CVE-2014-8018 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers… |
| CVE-2014-8017 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a re… |
| CVE-2014-8015 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's guest account via a modified HTTP request, aka Bug ID CSCur6440… |
| CVE-2014-8019 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Directory traversal vulnerability in Cisco Enterprise Content Delivery System (ECDS) allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCuo90148. |
| CVE-2014-8007 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
Cisco Prime Infrastructure allows remote authenticated users to read device-discovery passwords by examining the HTML source code of the Quick Discovery options page, aka Bug ID CSCum00019. |
| CVE-2014-3364 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Prime Security Manager (aka PRSM) 9.2.1-2 and earlier allow remote attackers to inject arbitrary web script or HTML v… |
| CVE-2014-8010 |
medium |
— |
6.5 |
|
|
cisco |
12y ago |
The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205. |
| CVE-2014-8009 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The Management subsystem in Cisco Unified Computing System 2.1(3f) and earlier allows remote attackers to obtain sensitive information by reading log files, aka Bug ID CSCur99239. |
| CVE-2014-3407 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers … |
| CVE-2014-8000 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enum… |
| CVE-2014-7991 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which … |
| CVE-2014-7988 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and earlier allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCur06493. |
| CVE-2014-3375 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML vi… |
| CVE-2014-3374 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via … |
| CVE-2014-3373 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web sc… |
| CVE-2014-3372 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML vi… |
| CVE-2014-3366 |
medium |
— |
6.5 |
|
|
cisco |
12y ago |
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka… |
| CVE-2014-3408 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Prime Optical 10 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq80… |
| CVE-2014-3402 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The authentication-manager process in the web framework in Cisco Intrusion Prevention System (IPS) 7.0(8)E4 and earlier in Cisco Intrusion Detection System (IDS) does not properly manage user tokens,… |
| CVE-2014-3394 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) all… |
| CVE-2014-3391 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
Untrusted search path vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) allows local users to gain privileges by placing a Trojan horse library file in external mem… |
| CVE-2014-3390 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root acc… |
| CVE-2014-3399 |
medium |
— |
5.5 |
|
|
cisco |
12y ago |
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and earlier does not properly manage session information during creation of a SharePoint handler, which allows… |
| CVE-2014-3400 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344. |
| CVE-2014-3395 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to trigger the download of arbitrary files via a crafted URL, aka Bug ID CSCup10343. |
| CVE-2013-3068 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and… |
| CVE-2014-3380 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Cisco Unified Communications Domain Manager Platform Software 4.4(.3) and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending crafted TCP packets quickly, aka Bu… |
| CVE-2014-3367 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Cross-site scripting (XSS) vulnerability in the vCloud Director component in Cisco Nexus 1000V InterCloud for VMware allows remote attackers to inject arbitrary web script or HTML via an unspecified … |
| CVE-2014-3363 |
low |
— |
3.5 |
|
|
cisco |
12y ago |
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML vi… |
| CVE-2014-3342 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383. |
| CVE-2014-5868 |
medium |
— |
5.4 |
|
|
cisco |
12y ago |
The Cisco Technical Support (aka com.cisco.swtg_android) application 3.7.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers a… |
| CVE-2014-3348 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The SSH module in the Integrated Management Controller (IMC) before 2.3.1 in Cisco Unified Computing System on E-Series blade servers allows remote attackers to cause a denial of service (IMC hang) v… |
| CVE-2014-3352 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obt… |
| CVE-2014-3351 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive informati… |
| CVE-2014-3350 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly implement URL redirection, which allows remote authenticated users to obtain sensitive information via a crafted URL,… |
| CVE-2014-3349 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during the handling of file submission, which allows remote authenticated users to upload arbitrary files … |
| CVE-2014-3346 |
medium |
— |
6.3 |
|
|
cisco |
12y ago |
The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) does not validate an unspecified parameter, which allows remote authenticated … |
| CVE-2014-3345 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 does not properly check authorization for administrative web pages, which … |
| CVE-2014-3344 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 allow remote attack… |
| CVE-2014-3340 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
Directory traversal vulnerability in an unspecified PHP script in the server in Cisco WebEx MeetMeNow allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCuo… |
| CVE-2014-3331 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
The Session Manager component in Packet Data Network Gateway (aka PGW) in Cisco ASR 5000 Series Software 11.0, 12.0, 12.1, 12.2, 14.0, 15.0, 16.x through 16.1.2, and 17.0 allows remote attackers to c… |
| CVE-2014-3339 |
medium |
— |
6.5 |
|
|
cisco |
12y ago |
Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to ex… |
| CVE-2014-3337 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that i… |
| CVE-2014-3336 |
medium |
— |
6.5 |
|
|
cisco |
12y ago |
SQL injection vulnerability in the web framework in Cisco Unity Connection 9.1(2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted request, aka Bug ID CSC… |
