| CVE-2016-1393 | high | 7.1 | 7.1 | | | cisco | 10y ago | SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy721… |
| CVE-2016-1392 | high | 7.4 | 7.4 | | | cisco | 10y ago | Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspeci… |
| CVE-2016-1387 | critical | 9.8 | 9.8 | | | cisco | 10y ago | The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles aut… |
| CVE-2016-1373 | high | 8.6 | 8.6 | | | cisco | 10y ago | The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10… |
| CVE-2016-1369 | high | 7.5 | 7.5 | | | cisco | 10y ago | The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module for Cisco ASA with FirePOWER Services 5.3.1 through 6.0.0 misconfigures kernel logging, which allows re… |
| CVE-2016-1368 | high | 7.5 | 7.5 | | | cisco | 10y ago | Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these app… |
| CVE-2016-1343 | critical | 10.0 | 10.0 | | | cisco | 10y ago | The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in co… |
| CVE-2016-4349 | high | 7.8 | 7.8 | | | cisco | 10y ago | Untrusted search path vulnerability in Cisco WebEx Productivity Tools 2.40.5001.10012 allows local users to gain privileges via a Trojan horse cryptsp.dll, dwmapi.dll, msimg32.dll, ntmarta.dll, props… |
| CVE-2016-1389 | high | 7.4 | 7.4 | | | cisco | 10y ago | Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID… |
| CVE-2016-1386 | high | 7.5 | 7.5 | | | cisco | 10y ago | The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka B… |
| CVE-2016-1364 | high | 7.5 | 7.5 | | | cisco | 10y ago | Cisco Wireless LAN Controller (WLC) Software 7.4 before 7.4.130.0(MD) and 7.5, 7.6, and 8.0 before 8.0.110.0(ED) allows remote attackers to cause a denial of service (device reload) via crafted Bonjo… |
| CVE-2015-6360 | high | 7.5 | 7.5 | | | cisco | 10y ago | The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. |
| CVE-2016-1340 | high | 8.4 | 8.4 | | | cisco | 10y ago | Heap-based buffer overflow in Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted libclimeta.so filename argum… |
| CVE-2016-1339 | high | 7.8 | 7.8 | | | cisco | 10y ago | Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted arguments on a ucspe-copy command line, aka Bug ID CSCux68… |
| CVE-2016-1352 | critical | 9.8 | 9.8 | | | cisco | 10y ago | Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856. |
| CVE-2016-1377 | medium | 6.1 | 6.1 | | | cisco | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776. |
| CVE-2016-1375 | medium | 6.1 | 6.1 | | | cisco | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability and Collaboration System 4.10(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSC… |
| CVE-2016-1313 | critical | 9.8 | 9.8 | | | cisco | 10y ago | Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to… |
| CVE-2016-1291 | critical | 9.8 | 9.8 | | | cisco | 10y ago | Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POS… |
| CVE-2016-1290 | high | 8.1 | 8.1 | | | cisco | 10y ago | The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gai… |
| CVE-2016-1345 | high | 7.5 | 7.5 | | | cisco | 10y ago | Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka B… |
| CVE-2016-1360 | high | 7.1 | 7.1 | | | cisco | 10y ago | Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers' installations, which allows local users to obtain cleartext data by leveragin… |
| CVE-2016-1338 | medium | 6.5 | 6.5 | | | cisco | 10y ago | Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026. |
| CVE-2016-1359 | high | 8.8 | 8.8 | | | cisco | 10y ago | Cisco Prime Infrastructure 3.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP request that is mishandled during viewing of a log file, aka Bug ID CSCuw81494. |
| CVE-2016-1358 | medium | 6.4 | 6.4 | | | cisco | 10y ago | Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration … |
| CVE-2016-1357 | medium | 5.3 | 5.3 | | | cisco | 10y ago | The password-management administration component in Cisco Policy Suite (CPS) 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, and 7.5.0 allows remote attackers to bypass intended RBAC restrictions an… |
| CVE-2016-1356 | low | 3.7 | 3.7 | | | cisco | 10y ago | Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing dif… |
| CVE-2016-1288 | medium | 5.3 | 5.3 | | | cisco | 10y ago | The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x before 9.0.0-485 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (service outage) by lev… |
| CVE-2015-0718 | high | 7.5 | 7.5 | | | cisco | 10y ago | Cisco NX-OS 4.0 through 6.1 on Nexus 1000V, 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload… |
| CVE-2016-1355 | medium | 6.1 | 6.1 | | | cisco | 10y ago | Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTM… |
| CVE-2016-1354 | medium | 6.1 | 6.1 | | | cisco | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data,… |
| CVE-2016-1353 | medium | 5.3 | 5.3 | | | cisco | 10y ago | The TCP implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.3(0), 3.3(1), 4.0(0), and 4.1(0) does not properly initiate new TCP sessions when a previous session is… |
| CVE-2016-1342 | medium | 5.3 | 5.3 | | | cisco | 10y ago | The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID C… |
| CVE-2016-1297 | high | 8.8 | 8.8 | | | cisco | 10y ago | The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with … |
| CVE-2016-1335 | high | 7.5 | 7.5 | | | cisco | 10y ago | The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote auth… |
| CVE-2016-1324 | medium | 5.3 | 5.3 | | | cisco | 11y ago | The REST interface in Cisco Spark 2015-06 allows remote attackers to cause a denial of service (resource outage) by accessing an administrative page, aka Bug ID CSCuv84125. |
| CVE-2016-1323 | medium | 4.3 | 4.3 | | | cisco | 11y ago | The REST interface in Cisco Spark 2015-06 allows remote authenticated users to obtain sensitive information via a request for an unspecified file, aka Bug ID CSCuv84048. |
| CVE-2016-1322 | high | 7.5 | 7.5 | | | cisco | 11y ago | The REST interface in Cisco Spark 2015-07-04 allows remote attackers to bypass intended access restrictions and create arbitrary user accounts via unspecified web requests, aka Bug ID CSCuv72584. |
| CVE-2016-1320 | medium | 6.7 | 6.7 | | | cisco | 11y ago | The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286. |
| CVE-2016-1318 | medium | 6.1 | 6.1 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via craft… |
| CVE-2016-1316 | medium | 5.3 | 5.3 | | | cisco | 11y ago | Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct r… |
| CVE-2016-1309 | medium | 6.1 | 6.1 | | | cisco | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meetings Server 2.5.1.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy01… |
| CVE-2016-1305 | medium | 6.1 | 6.1 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vecto… |
| CVE-2016-1301 | high | 8.8 | 8.8 | | | cisco | 11y ago | The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to c… |
| CVE-2016-1311 | medium | 6.1 | 6.1 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10.6(8) allows remote attackers to inject arbitrary web script or HTML via the host tag parameter, ak… |
| CVE-2016-1304 | medium | 6.1 | 6.1 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596. |
| CVE-2016-1300 | medium | 6.1 | 6.1 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582. |
| CVE-2015-6421 | high | 7.5 | 7.5 | | | cisco | 11y ago | cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices 5.x before 5.3.5d and 5.4 and 5.5 before 5.5.3 allows remote attackers to… |
| CVE-2016-1298 | medium | 6.1 | 6.1 | | | cisco | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via ve… |
| CVE-2015-6337 | medium | 6.1 | 6.1 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 allows remote attackers to inject arbitrary web script or HTML via a … |
| CVE-2015-6317 | medium | 6.5 | 6.5 | | | cisco | 11y ago | Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926. |
| CVE-2015-6435 | critical | 9.8 | 9.8 | | | cisco | 11y ago | An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows r… |
| CVE-2016-1296 | high | 7.5 | 7.5 | | | cisco | 11y ago | The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP met… |
| CVE-2016-1294 | medium | 6.1 | 6.1 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in the Management Center in Cisco FireSIGHT System Software 6.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted cookie, aka Bug… |
| CVE-2016-1293 | medium | 6.1 | 6.1 | | | cisco | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspe… |
| CVE-2015-6323 | critical | 9.8 | 9.8 | | | cisco | 11y ago | The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrativ… |
| CVE-2015-6314 | critical | 9.8 | 9.8 | | | cisco | 11y ago | Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bu… |
| CVE-2015-6434 | medium | 6.1 | 6.1 | | | cisco | 11y ago | Cisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted we… |
| CVE-2015-6433 | medium | 6.5 | 6.5 | | | cisco | 11y ago | SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767. |
| CVE-2015-6409 | medium | 5.9 | 5.9 | | | cisco | 11y ago | Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks and trigger cleartext XMPP sessions via unspecified vectors, aka Bug ID CSC… |
| CVE-2015-6427 | medium | — | 5.0 | | | cisco | 11y ago | Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka … |
| CVE-2015-6426 | high | — | 7.2 | | | cisco | 11y ago | Cisco Prime Network Services Controller 3.0 allows local users to bypass intended access restrictions and execute arbitrary commands via additional parameters to an unspecified command, aka Bug ID CS… |
| CVE-2015-6424 | high | — | 7.2 | | | cisco | 11y ago | The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspeci… |
| CVE-2015-6425 | medium | — | 5.0 | | | cisco | 11y ago | The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session … |
| CVE-2015-6411 | medium | — | 5.0 | | | cisco | 11y ago | Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by… |
| CVE-2015-6404 | medium | — | 4.0 | | | cisco | 11y ago | Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SO… |
| CVE-2015-6399 | medium | — | 6.8 | | | cisco | 11y ago | The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted param… |
| CVE-2015-4206 | medium | — | 4.3 | | | cisco | 11y ago | Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266. |
| CVE-2015-6422 | medium | — | 4.0 | | | cisco | 11y ago | The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed reques… |
| CVE-2015-6416 | medium | — | 4.3 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML via a crafte… |
| CVE-2015-6410 | medium | — | 4.0 | | | cisco | 11y ago | The Mobile and Remote Access (MRA) services implementation in Cisco Unified Communications Manager mishandles edge-device identity validation, which allows remote attackers to bypass intended call-re… |
| CVE-2015-6378 | medium | — | 6.8 | | | cisco | 11y ago | Cross-site request forgery (CSRF) vulnerability on Cisco DPQ3925 devices with EDVA 5.5.2 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv05943. |
| CVE-2015-6418 | medium | — | 4.3 | | | cisco | 11y ago | The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS… |
| CVE-2015-6414 | low | — | 2.1 | | | cisco | 11y ago | Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same encryption key across different customers' installations, which makes it easier for local users to defeat cryptographic protecti… |
| CVE-2015-6413 | medium | — | 4.0 | | | cisco | 11y ago | Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiti… |
| CVE-2015-6407 | medium | — | 4.0 | | | cisco | 11y ago | Cisco Emergency Responder 10.5(3.10000.9) allows remote attackers to upload files to arbitrary locations via a crafted parameter, aka Bug ID CSCuv25501. |
| CVE-2015-6406 | medium | — | 4.0 | | | cisco | 11y ago | Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv… |
| CVE-2015-6405 | medium | — | 6.8 | | | cisco | 11y ago | Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501. |
| CVE-2015-6400 | medium | — | 4.3 | | | cisco | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 10.5(1a) allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547. |
| CVE-2015-6389 | critical | — | 9.0 | | | cisco | 11y ago | Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account'… |
| CVE-2015-6419 | medium | — | 6.8 | | | cisco | 11y ago | Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410. |
| CVE-2015-6408 | medium | — | 6.8 | | | cisco | 11y ago | Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578. |
| CVE-2015-6417 | medium | — | 6.5 | | | cisco | 11y ago | Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to databa… |
| CVE-2015-6395 | medium | — | 6.5 | | | cisco | 11y ago | Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID C… |
| CVE-2015-6388 | medium | — | 5.0 | | | cisco | 11y ago | Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575. |
| CVE-2015-6387 | medium | — | 4.3 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL,… |
| CVE-2015-6384 | medium | — | 4.3 | | | cisco | 11y ago | The Cisco WebEx Meetings application before 8.5.1 for Android improperly initializes custom application permissions, which allows attackers to bypass intended access restrictions via a crafted applic… |
| CVE-2015-6390 | medium | — | 4.3 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unity Connection 9.1(1.10) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, a… |
| CVE-2015-6386 | medium | — | 5.0 | | | cisco | 11y ago | The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8.0.7-142 and 8.5.1-021 allows remote attackers to cause a denial of service (CPU consumption) via FTP sessions… |
| CVE-2015-6382 | medium | — | 5.0 | | | cisco | 11y ago | Cisco ASR 5000 devices with software 16.0(900) allow remote attackers to cause a denial of service (telnetd process restart) via a TELNET connection, aka Bug ID CSCuv25815. |
| CVE-2015-6377 | high | — | 7.8 | | | cisco | 11y ago | Cisco Virtual Topology System (VTS) 2.0(0) and 2.0(1) allows remote attackers to cause a denial of service (CPU and memory consumption, and TCP port outage) via a flood of crafted TCP packets, aka Bu… |
| CVE-2015-6376 | medium | — | 6.8 | | | cisco | 11y ago | Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv… |
| CVE-2015-6357 | medium | — | 6.8 | | | cisco | 11y ago | The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle at… |
| CVE-2015-6330 | medium | — | 6.8 | | | cisco | 11y ago | Cross-site request forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5(1) and 10.6 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus62712. |
| CVE-2015-6364 | medium | — | 5.0 | | | cisco | 11y ago | Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager allows remote attackers to obtain sensitive information via crafted URLs in REST API requests, aka … |
| CVE-2015-6363 | low | — | 3.5 | | | cisco | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco FireSIGHT Management Center (MC) 5.4.1.4 and 6.0.1 allow remote authenticated users to inject arbitrary web script or… |
| CVE-2015-6362 | medium | — | 4.0 | | | cisco | 11y ago | The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by… |
| CVE-2015-6316 | medium | — | 6.5 | | | cisco | 11y ago | The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by … |
| CVE-2015-6298 | critical | — | 9.0 | | | cisco | 11y ago | The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) device… |
| CVE-2015-6292 | high | — | 7.8 | | | cisco | 11y ago | The proxy-cache implementation in Cisco AsyncOS 8.0.x before 8.0.7-151, 8.1.x and 8.5.x before 8.5.2-004, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WS… |