| CVE-2015-4259 | medium | — | 4.3 | | | cisco | 11y ago | The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle at… |
| CVE-2015-4260 | medium | — | 4.3 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Hosted Collaboration Solution 10.6(1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCuu14… |
| CVE-2015-4244 | high | — | 7.2 | | | cisco | 11y ago | The boot implementation on Cisco ASR 5000 and 5500 devices with software 14.0 allows local users to execute arbitrary Linux commands by leveraging administrative privileges for storage of these comma… |
| CVE-2015-4257 | medium | — | 6.8 | | | cisco | 11y ago | Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MCU 4500 devices with software 4.5(1.55) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCu… |
| CVE-2015-4256 | medium | — | 6.8 | | | cisco | 11y ago | Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP VCR devices with software 3.0(1.27) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu9… |
| CVE-2015-4255 | medium | — | 6.8 | | | cisco | 11y ago | Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP Gateway devices with software 2.0(3.34) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CS… |
| CVE-2015-4253 | medium | — | 6.8 | | | cisco | 11y ago | Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Serial Gateway devices with software 1.0(1.42) allows remote attackers to hijack the authentication of arbitrary users, aka Bug I… |
| CVE-2015-4252 | medium | — | 6.8 | | | cisco | 11y ago | Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence ISDN Gateway devices with software 2.2(1.106) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID… |
| CVE-2015-4242 | medium | — | 6.8 | | | cisco | 11y ago | Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 5.4.1.2 and 6.0.0 in FireSIGHT Management Center allows remote attackers to hijack the authentication of arbitrary u… |
| CVE-2015-4240 | medium | — | 5.0 | | | cisco | 11y ago | Cisco IP Communicator 8.6(4) allows remote attackers to cause a denial of service (service outage) via an unspecified URL in a GET request, aka Bug ID CSCuu37656. |
| CVE-2015-4196 | medium | — | 5.0 | | | cisco | 11y ago | Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by lever… |
| CVE-2015-4239 | medium | — | 6.1 | | | cisco | 11y ago | Cisco Adaptive Security Appliance (ASA) Software 9.3(2.243) and 100.13(0.21) allows remote attackers to cause a denial of service (device reload) by sending crafted OSPFv2 packets on the local networ… |
| CVE-2015-4228 | medium | — | 5.4 | | | cisco | 11y ago | Cisco Digital Content Manager (DCM) 15.0.0 might allow remote ad servers to cause a denial of service (reboot) via malformed ad messages, aka Bug ID CSCur13999. |
| CVE-2015-4233 | medium | — | 6.5 | | | cisco | 11y ago | SQL injection vulnerability in Cisco Unified MeetingPlace 8.6(1.2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu54037. |
| CVE-2015-4229 | medium | — | 5.0 | | | cisco | 11y ago | The web framework in Cisco Unified Communications Domain Manager 8.1(4)ER1 allows remote attackers to obtain sensitive information by visiting a bvsmweb URL, aka Bug ID CSCuq22589. |
| CVE-2015-4222 | medium | — | 6.5 | | | cisco | 11y ago | SQL injection vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug… |
| CVE-2015-4221 | medium | — | 4.0 | | | cisco | 11y ago | Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and conse… |
| CVE-2015-4217 | medium | — | 4.3 | | | cisco | 11y ago | The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the… |
| CVE-2015-4216 | medium | — | 5.0 | | | cisco | 11y ago | The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the… |
| CVE-2015-4220 | medium | — | 4.3 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq03773. |
| CVE-2015-4219 | medium | — | 4.0 | | | cisco | 11y ago | Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows… |
| CVE-2015-4218 | medium | — | 5.0 | | | cisco | 11y ago | The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 through 9.7(5) on Windows allows remote attackers to obtain sensitive information via a crafted value in a GET request, aka Bug IDs… |
| CVE-2015-4214 | medium | — | 4.0 | | | cisco | 11y ago | Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) allows remote authenticated users to discover cleartext passwords by reading HTML source code, aka Bug ID CSCuu33050. |
| CVE-2015-4212 | medium | — | 5.0 | | | cisco | 11y ago | Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466. |
| CVE-2015-4211 | high | — | 7.2 | | | cisco | 11y ago | Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows does not properly validate pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCus65862. |
| CVE-2015-4208 | high | — | 7.5 | | | cisco | 11y ago | Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors i… |
| CVE-2015-4210 | medium | — | 4.3 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur03806. |
| CVE-2015-4209 | medium | — | 6.4 | | | cisco | 11y ago | Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and… |
| CVE-2015-4207 | medium | — | 5.0 | | | cisco | 11y ago | Cisco WebEx Meeting Center places a meeting's access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-r… |
| CVE-2015-4189 | medium | — | 6.8 | | | cisco | 11y ago | Cross-site request forgery (CSRF) vulnerability in Cisco Data Center Analytics Framework (DCAF) 1.4 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun26807. |
| CVE-2015-4201 | medium | — | 5.0 | | | cisco | 11y ago | The Gateway General Packet Radio Service Support Node (GGSN) component on Cisco ASR 5000 devices with software 17.2.0.59184 and 18.0.L0.59219 allows remote attackers to cause a denial of service (Ses… |
| CVE-2015-4194 | medium | — | 5.0 | | | cisco | 11y ago | The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privilege… |
| CVE-2015-4190 | medium | — | 4.3 | | | cisco | 11y ago | Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on Cloud Portal appliances allows man-in-the-middle attackers to modify data via unspecified vectors, aka Bug ID CSCuh19683. |
| CVE-2015-4188 | medium | — | 5.0 | | | cisco | 11y ago | SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu299… |
| CVE-2015-4183 | high | — | 7.2 | | | cisco | 11y ago | Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795. |
| CVE-2015-4182 | medium | — | 5.5 | | | cisco | 11y ago | The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or chang… |
| CVE-2015-0772 | high | — | 7.1 | | | cisco | 11y ago | Cisco TelePresence Video Communication Server (VCS) X8.5RC4 allows remote attackers to cause a denial of service (CPU consumption or device outage) via a crafted SDP parameter-negotiation request in … |
| CVE-2015-0768 | medium | — | 6.5 | | | cisco | 11y ago | The Device Work Center (DWC) component in Cisco Prime Network Control System (NCS) 2.1(0.0.85), 2.2(0.0.58), and 2.2(0.0.69) does not properly implement AAA roles, which allows remote authenticated u… |
| CVE-2015-0774 | medium | — | 4.3 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Application and Content Networking System (ACNS) 5.5(9) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID … |
| CVE-2015-0773 | medium | — | 5.5 | | | cisco | 11y ago | Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user's dashboard via a modified VPN deletion request in a management session, aka Bug ID CSC… |
| CVE-2015-0737 | medium | — | 4.3 | | | cisco | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.1 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) GET or (2) POST paramete… |
| CVE-2015-0770 | medium | — | 5.0 | | | cisco | 11y ago | CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP resp… |
| CVE-2015-0766 | medium | — | 4.3 | | | cisco | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in the Management Center component in Cisco FireSIGHT System Software 6.0.0 allow remote attackers to inject ar… |
| CVE-2015-0764 | medium | — | 5.0 | | | cisco | 11y ago | Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via a crafted resource request, aka Bug ID CSCus95603. |
| CVE-2015-0763 | medium | — | 5.0 | | | cisco | 11y ago | Cisco Unified MeetingPlace 8.6(1.2) does not properly validate session IDs in http URLs, which allows remote attackers to obtain sensitive session information via a crafted URL, aka Bug ID CSCuu60338. |
| CVE-2015-0762 | medium | — | 4.3 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) for Microsoft Outlook allows remote attackers to inject arbitrary web script o… |
| CVE-2015-0761 | high | — | 7.2 | | | cisco | 11y ago | Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x before 4.0(2052) on Linux does not properly implement unspecified internal functions, which allows local users to obtain root privileg… |
| CVE-2015-0760 | medium | — | 4.0 | | | cisco | 11y ago | The IKEv1 implementation in Cisco ASA Software 7.x, 8.0.x, 8.1.x, and 8.2.x before 8.2.2.13 allows remote authenticated users to bypass XAUTH authentication via crafted IKEv1 packets, aka Bug ID CSCu… |
| CVE-2015-0758 | medium | — | 4.0 | | | cisco | 11y ago | The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with a… |
| CVE-2015-0747 | medium | — | 4.3 | | | cisco | 11y ago | Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release allow remote attackers to inject arbitrary cookies via a crafted HTTP request, aka Bug ID CSCuh25408. |
| CVE-2015-0757 | medium | — | 5.0 | | | cisco | 11y ago | The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by read… |
| CVE-2015-0756 | medium | — | 6.1 | | | cisco | 11y ago | Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka B… |
| CVE-2015-0755 | medium | — | 6.8 | | | cisco | 11y ago | The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), allows local users to gain privileges via unspecified commands, aka Bug… |
| CVE-2015-0754 | high | — | 7.5 | | | cisco | 11y ago | Cisco Finesse 10.5(1) allows remote authenticated users to obtain sensitive information or cause a denial of service (CPU and memory consumption) via a crafted XML document, aka Bug ID CSCut95810. |
| CVE-2015-0753 | medium | — | 6.8 | | | cisco | 11y ago | SQL injection vulnerability in Cisco Unified Email Interaction Manager (EIM) and Unified Web Interaction Manager (WIM) 9.0(2) allows remote attackers to execute arbitrary SQL commands via unspecified… |
| CVE-2015-0752 | medium | — | 4.3 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSC… |
| CVE-2015-0751 | high | — | 7.8 | | | cisco | 11y ago | Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800. |
| CVE-2015-0722 | high | — | 7.8 | | | cisco | 11y ago | The network drivers in Cisco TelePresence T, Cisco TelePresence TE, and Cisco TelePresence TC before 7.3.2 allow remote attackers to cause a denial of service (process restart or device reload) via a… |
| CVE-2015-0713 | critical | — | 9.0 | | | cisco | 11y ago | The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.… |
| CVE-2014-2174 | high | — | 8.3 | | | cisco | 11y ago | Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement access control, which allows remote attackers to obtain root privileges by sending packets on the local… |
| CVE-2015-0750 | medium | — | 6.5 | | | cisco | 11y ago | The administrative web interface in Cisco Hosted Collaboration Solution (HCS) 10.6(1) and earlier allows remote authenticated users to execute arbitrary commands via crafted input to unspecified fiel… |
| CVE-2015-0746 | medium | — | 5.0 | | | cisco | 11y ago | The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022. |
| CVE-2015-0742 | medium | — | 5.0 | | | cisco | 11y ago | The Protocol Independent Multicast (PIM) application in Cisco Adaptive Security Appliance (ASA) Software 9.2(0.0), 9.2(0.104), 9.2(3.1), 9.2(3.4), 9.3(1.105), 9.3(2.100), 9.4(0.115), 100.13(0.21), 10… |
| CVE-2015-0741 | medium | — | 6.8 | | | cisco | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of… |
| CVE-2015-0740 | medium | — | 6.8 | | | cisco | 11y ago | Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826. |
| CVE-2015-0739 | medium | — | 4.0 | | | cisco | 11y ago | The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Con… |
| CVE-2015-0735 | medium | — | 6.8 | | | cisco | 11y ago | Cross-site request forgery (CSRF) vulnerability in Cisco Unified Customer Voice Portal (CVP) 10.5(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut93970. |
| CVE-2015-0730 | medium | — | 5.0 | | | cisco | 11y ago | The SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) allows remote attackers to cause a denial of service (module reload) via an invalid field in a Negotiate Protocol request, aka Bug… |
| CVE-2015-0729 | medium | — | 4.3 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a file-inclusion atta… |
| CVE-2015-0717 | medium | — | 6.9 | | | cisco | 11y ago | Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546. |
| CVE-2015-0736 | medium | — | 6.8 | | | cisco | 11y ago | Cross-site request forgery (CSRF) vulnerability in Cisco MediaSense 10.5(1) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu16728. |
| CVE-2015-0728 | medium | — | 4.3 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Access Control Server (ACS) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuu11002. |
| CVE-2015-0727 | medium | — | 4.3 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in the HTTP module in Cisco Security Manager (CSM) 4.7(0)SP1(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID C… |
| CVE-2015-0634 | medium | — | 4.3 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in the administrative interface in Cisco WebEx Meetings Server 2.5 and 2.5.0.997 allows remote attackers to inject arbitrary web script or HTML via a crafted … |
| CVE-2015-0716 | medium | — | 6.8 | | | cisco | 11y ago | Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitr… |
| CVE-2015-0715 | medium | — | 6.5 | | | cisco | 11y ago | SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspe… |
| CVE-2015-0701 | critical | — | 10.0 | | | cisco | 11y ago | Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961. |
| CVE-2015-0714 | medium | — | 4.3 | | | cisco | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parame… |
| CVE-2015-0707 | low | — | 3.5 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco FireSIGHT System Software 5.3.1.1 and 6.0.0 in FireSIGHT Management Center allows remote authenticated users to inject arbitrary web script or HTML v… |
| CVE-2015-0706 | medium | — | 5.8 | | | cisco | 11y ago | Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct … |
| CVE-2015-0705 | medium | — | 6.8 | | | cisco | 11y ago | Cross-site request forgery (CSRF) vulnerability in the SOAP API endpoints of the web-services directory in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to hijack the authentication of … |
| CVE-2015-0704 | medium | — | 6.8 | | | cisco | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in API features in Cisco Unified MeetingPlace 8.6(1.9) allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CS… |
| CVE-2015-0703 | medium | — | 4.3 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in the administrative web interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to inject arbitrary web script or HTML via unspecified vect… |
| CVE-2015-0702 | critical | — | 9.0 | | | cisco | 11y ago | Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the lang… |
| CVE-2015-0700 | medium | — | 6.8 | | | cisco | 11y ago | Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attac… |
| CVE-2015-0691 | critical | — | 9.3 | | | cisco | 11y ago | A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001. |
| CVE-2015-0699 | medium | — | 5.0 | | | cisco | 11y ago | SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands … |
| CVE-2015-0698 | medium | — | 4.3 | | | cisco | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allow remote attackers to inject ar… |
| CVE-2015-0696 | medium | — | 4.3 | | | cisco | 11y ago | Cross-site scripting (XSS) vulnerability in the login page in Cisco TC Software before 7.1.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to inject arbi… |
| CVE-2015-0693 | high | — | 7.2 | | | cisco | 11y ago | Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execut… |
| CVE-2015-0692 | high | — | 7.2 | | | cisco | 11y ago | Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execut… |
| CVE-2015-0616 | high | — | 7.1 | | | cisco | 11y ago | The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allow… |
| CVE-2015-0615 | high | — | 7.1 | | | cisco | 11y ago | The call-handling implementation in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows… |
| CVE-2015-0614 | high | — | 7.1 | | | cisco | 11y ago | The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integ… |
| CVE-2015-0613 | high | — | 7.1 | | | cisco | 11y ago | The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integ… |
| CVE-2015-0612 | high | — | 7.1 | | | cisco | 11y ago | The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU6, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allow… |
| CVE-2015-0684 | medium | — | 6.5 | | | cisco | 11y ago | SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified… |
| CVE-2015-0683 | medium | — | 4.0 | | | cisco | 11y ago | Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744. |
| CVE-2015-0682 | medium | — | 6.5 | | | cisco | 11y ago | Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168. |
| CVE-2015-0680 | medium | — | 4.0 | | | cisco | 11y ago | Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq4… |