| CVE-2014-3272 |
medium |
— |
6.0 |
|
|
cisco |
12y ago |
The Agent in Cisco Tidal Enterprise Scheduler (TES) 6.1 and earlier allows local users to gain privileges via crafted Tidal Job Buffers (TJB) parameters, aka Bug ID CSCuo33074. |
| CVE-2014-3267 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests tha… |
| CVE-2014-3266 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, ak… |
| CVE-2014-3265 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Cross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an … |
| CVE-2014-3264 |
medium |
— |
6.3 |
|
|
cisco |
12y ago |
Cisco Adaptive Security Appliance (ASA) Software 9.1(.5) and earlier allows remote authenticated users to cause a denial of service (device reload) via crafted attributes in a RADIUS packet, aka Bug … |
| CVE-2014-2199 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27… |
| CVE-2014-2194 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
system/egain/chat/entrypoint in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to have an unspecified impact by injecting a spoofed XML external entity. |
| CVE-2014-2193 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Cisco Unified Web and E-Mail Interaction Manager places session identifiers in GET requests, which allows remote attackers to inject conversation text by obtaining a valid identifier, aka Bug ID CSCu… |
| CVE-2014-2192 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bu… |
| CVE-2014-2132 |
high |
— |
7.8 |
|
|
cisco |
12y ago |
Cisco WebEx Recording Format (WRF) player and Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allow remote attackers to cause a denial of servi… |
| CVE-2014-2191 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to inject arbitrary web script or HTML via a… |
| CVE-2014-2190 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to hijack the authentication of arbit… |
| CVE-2014-0685 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691. |
| CVE-2014-2175 |
high |
— |
7.8 |
|
|
cisco |
12y ago |
Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allow remote attackers to cause a denial of service (memory consumption) via crafted H.225 packets, aka Bug ID CSCtq78849. |
| CVE-2014-2173 |
high |
— |
7.2 |
|
|
cisco |
12y ago |
Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 do not properly restrict access to the serial port, which allows local users to gain privileges via unspecified commands, aka Bu… |
| CVE-2014-2172 |
medium |
— |
6.6 |
|
|
cisco |
12y ago |
Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows local users to gain privileges by leveraging improper handling of the u-boot compiler flag for interna… |
| CVE-2014-2168 |
high |
— |
7.6 |
|
|
cisco |
12y ago |
Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to execute arbitrary code via crafted DNS response packets, aka Bug ID CSCty44804. |
| CVE-2014-2167 |
high |
— |
7.8 |
|
|
cisco |
12y ago |
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug … |
| CVE-2014-2166 |
high |
— |
7.8 |
|
|
cisco |
12y ago |
The SIP implementation in Cisco TelePresence TC Software 4.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCto70562. |
| CVE-2014-2165 |
high |
— |
7.8 |
|
|
cisco |
12y ago |
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug … |
| CVE-2014-2164 |
high |
— |
7.8 |
|
|
cisco |
12y ago |
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug … |
| CVE-2014-2163 |
high |
— |
7.8 |
|
|
cisco |
12y ago |
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCua… |
| CVE-2014-2162 |
high |
— |
7.8 |
|
|
cisco |
12y ago |
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug … |
| CVE-2014-2161 |
high |
— |
7.8 |
|
|
cisco |
12y ago |
The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45731. |
| CVE-2014-2160 |
high |
— |
7.8 |
|
|
cisco |
12y ago |
The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45745. |
| CVE-2014-2159 |
high |
— |
7.8 |
|
|
cisco |
12y ago |
The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCtq78722. |
| CVE-2014-2158 |
high |
— |
7.8 |
|
|
cisco |
12y ago |
Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45720. |
| CVE-2014-2157 |
high |
— |
7.1 |
|
|
cisco |
12y ago |
Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45733. |
| CVE-2014-2156 |
high |
— |
7.1 |
|
|
cisco |
12y ago |
Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45739. |
| CVE-2014-2186 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj81777. |
| CVE-2014-2185 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields … |
| CVE-2014-2184 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352. |
| CVE-2014-2180 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a … |
| CVE-2014-2155 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The DHCPv6 server module in Cisco CNS Network Registrar 7.1 allows remote attackers to cause a denial of service (daemon reload) via a malformed DHCPv6 packet, aka Bug ID CSCuo07437. |
| CVE-2014-2145 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wa… |
| CVE-2014-2117 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Multiple open redirect vulnerabilities in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified p… |
| CVE-2014-2116 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject web pages and modify dynamic content via unspecified parameters, aka Bug ID CSCun37882. |
| CVE-2014-2115 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary u… |
| CVE-2014-2114 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, … |
| CVE-2014-2138 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL,… |
| CVE-2014-2137 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a … |
| CVE-2014-2125 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter,… |
| CVE-2014-2118 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web… |
| CVE-2014-0708 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
WebEx Meeting Center in Cisco WebEx Business Suite does not properly compose URLs for HTTP GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access… |
| CVE-2014-2122 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Memory leak in the GUI in the Impact server in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka Bug ID … |
| CVE-2014-2121 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The Java-based software in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (closing of TCP ports) via unspecified vectors, aka Bug IDs CSCug77633, CSCug… |
| CVE-2014-0694 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and earlier includes a cryptographic key in binary files, which makes it easier for remote attackers to obtain cleartext data from a… |
| CVE-2014-2104 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrar… |
| CVE-2014-2103 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
Cisco Intrusion Prevention System (IPS) Software allows remote attackers to cause a denial of service (MainApp process outage) via malformed SNMP packets, aka Bug IDs CSCum52355 and CSCul49309. |
| CVE-2014-2102 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
Cisco Unified Contact Center Express (Unified CCX) does not properly restrict the content of the CCMConfig page, which allows remote authenticated users to obtain sensitive information by examining t… |
| CVE-2014-0747 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF … |
| CVE-2014-0746 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML docu… |
| CVE-2014-0745 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of a… |
| CVE-2014-0743 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify register… |
| CVE-2014-0742 |
medium |
— |
6.2 |
|
|
cisco |
12y ago |
The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or… |
| CVE-2014-0741 |
medium |
— |
6.2 |
|
|
cisco |
12y ago |
The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to rea… |
| CVE-2014-0740 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified C… |
| CVE-2014-0731 |
medium |
— |
5.0 |
|
|
cisco |
13y ago |
The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, … |
| CVE-2014-0730 |
medium |
— |
6.8 |
|
|
cisco |
13y ago |
Cisco Unified Computing System (UCS) Central Software 1.1 and earlier allows local users to gain privileges via a CLI copy command in a local-mgmt context, aka Bug ID CSCul53128. |
| CVE-2014-0720 |
high |
— |
7.1 |
|
|
cisco |
13y ago |
Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via a flood of jumbo frames, aka Bug ID CSCuh94944. |
| CVE-2014-0719 |
high |
— |
7.8 |
|
|
cisco |
13y ago |
The control-plane access-list implementation in Cisco IPS Software before 7.1(8p2)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (MainApp process outage) via crafted … |
| CVE-2014-0718 |
high |
— |
7.1 |
|
|
cisco |
13y ago |
The produce-verbose-alert feature in Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via fragmente… |
| CVE-2014-0710 |
high |
— |
7.1 |
|
|
cisco |
13y ago |
Race condition in the cut-through proxy feature in Cisco Firewall Services Module (FWSM) Software 3.x before 3.2(28) and 4.x before 4.1(15) allows remote attackers to cause a denial of service (devic… |
| CVE-2014-0733 |
medium |
— |
5.0 |
|
|
cisco |
13y ago |
The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote atta… |
| CVE-2014-0736 |
medium |
— |
6.8 |
|
|
cisco |
13y ago |
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote att… |
| CVE-2014-0735 |
medium |
— |
4.3 |
|
|
cisco |
13y ago |
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitr… |
| CVE-2014-0734 |
high |
— |
7.5 |
|
|
cisco |
13y ago |
SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execu… |
| CVE-2014-0732 |
medium |
— |
5.0 |
|
|
cisco |
13y ago |
The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remot… |
| CVE-2014-0729 |
high |
— |
7.5 |
|
|
cisco |
13y ago |
SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a craf… |
| CVE-2014-0728 |
high |
— |
7.5 |
|
|
cisco |
13y ago |
SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted UR… |
| CVE-2014-0727 |
high |
— |
7.5 |
|
|
cisco |
13y ago |
SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via… |
| CVE-2014-0726 |
high |
— |
7.5 |
|
|
cisco |
13y ago |
SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands vi… |
| CVE-2014-0725 |
medium |
— |
5.0 |
|
|
cisco |
13y ago |
Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file stora… |
| CVE-2014-0724 |
medium |
— |
4.0 |
|
|
cisco |
13y ago |
The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified p… |
| CVE-2014-0723 |
medium |
— |
4.3 |
|
|
cisco |
13y ago |
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via … |
| CVE-2014-0722 |
medium |
— |
5.0 |
|
|
cisco |
13y ago |
The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradat… |
| CVE-2014-0686 |
medium |
— |
6.0 |
|
|
cisco |
13y ago |
Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul2490… |
| CVE-2014-0682 |
medium |
— |
4.9 |
|
|
cisco |
13y ago |
Cisco WebEx Meetings Server allows remote authenticated users to bypass authorization checks and (1) join arbitrary meetings, or (2) terminate a meeting without having a host role, via a crafted URL,… |
| CVE-2014-0681 |
medium |
— |
4.3 |
|
|
cisco |
13y ago |
Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via a report containing a craft… |
| CVE-2014-0678 |
medium |
— |
5.5 |
|
|
cisco |
13y ago |
The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions and gain privileges via unspecified vect… |
| CVE-2014-0674 |
medium |
— |
6.8 |
|
|
cisco |
13y ago |
Cisco Video Surveillance Operations Manager (VSOM) does not require authentication for MySQL database connections, which allows remote attackers to obtain sensitive information, modify data, or cause… |
| CVE-2014-0662 |
high |
— |
7.1 |
|
|
cisco |
13y ago |
The SIP module in Cisco TelePresence Video Communication Server (VCS) before 8.1 allows remote attackers to cause a denial of service (process failure) via a crafted SDP message, aka Bug ID CSCue9763… |
| CVE-2014-0661 |
high |
— |
8.3 |
|
|
cisco |
13y ago |
The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote a… |
| CVE-2014-0660 |
high |
— |
7.1 |
|
|
cisco |
13y ago |
Cisco TelePresence ISDN Gateway with software before 2.2(1.92) allows remote attackers to cause a denial of service (D-channel call outage) via a crafted Q.931 STATUS message, aka Bug ID CSCui50360. |
| CVE-2014-0672 |
medium |
— |
4.0 |
|
|
cisco |
13y ago |
The Search and Play interface in Cisco MediaSense does not properly enforce authorization requirements, which allows remote authenticated users to download arbitrary recordings via a request to this … |
| CVE-2014-0671 |
medium |
— |
5.8 |
|
|
cisco |
13y ago |
Open redirect vulnerability in Cisco MediaSense allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCum16749. |
| CVE-2014-0670 |
medium |
— |
4.3 |
|
|
cisco |
13y ago |
Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID C… |
| CVE-2014-0669 |
medium |
— |
5.0 |
|
|
cisco |
13y ago |
The Wireless Session Protocol (WSP) feature in the Gateway GPRS Support Node (GGSN) component on Cisco ASR 5000 series devices allows remote attackers to bypass intended Top-Up payment restrictions v… |
| CVE-2014-0668 |
medium |
— |
4.3 |
|
|
cisco |
13y ago |
Cross-site scripting (XSS) vulnerability in the portal in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug… |
| CVE-2014-0667 |
medium |
— |
6.3 |
|
|
cisco |
13y ago |
The RMI interface in Cisco Secure Access Control System (ACS) does not properly enforce authorization requirements, which allows remote authenticated users to read arbitrary files via a request to th… |
| CVE-2014-0666 |
medium |
— |
4.3 |
|
|
cisco |
13y ago |
Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently… |
| CVE-2013-6687 |
medium |
— |
4.0 |
|
|
cisco |
13y ago |
The web portal in the Enterprise License Manager component in Cisco WebEx Meetings Server allows remote authenticated users to discover the cleartext administrative password by reading HTML source co… |
| CVE-2014-0665 |
medium |
— |
4.0 |
|
|
cisco |
13y ago |
The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive … |
| CVE-2014-0664 |
medium |
— |
6.8 |
|
|
cisco |
13y ago |
The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service (CPU consumption) via unspecified IMAP commands, aka Bug ID CSCul49976. |
| CVE-2014-0663 |
medium |
— |
4.3 |
|
|
cisco |
13y ago |
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, … |
| CVE-2013-6974 |
medium |
— |
4.3 |
|
|
cisco |
13y ago |
Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, … |
| CVE-2014-0657 |
medium |
— |
4.0 |
|
|
cisco |
13y ago |
The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-ba… |
| CVE-2014-0656 |
medium |
— |
4.0 |
|
|
cisco |
13y ago |
Cisco Context Directory Agent (CDA) allows remote authenticated users to trigger the omission of certain user-interface data via crafted field values, aka Bug ID CSCuj45353. |
| CVE-2014-0654 |
medium |
— |
4.3 |
|
|
cisco |
13y ago |
Cisco Context Directory Agent (CDA) allows remote attackers to modify the cache via a replay attack involving crafted RADIUS accounting messages, aka Bug ID CSCuj45383. |
| CVE-2014-0652 |
medium |
— |
4.3 |
|
|
cisco |
13y ago |
Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco Context Directory Agent (CDA) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuj… |
