| CVE-2014-3400 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344. |
| CVE-2014-3395 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to trigger the download of arbitrary files via a crafted URL, aka Bug ID CSCup10343. |
| CVE-2013-3068 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and… |
| CVE-2014-3380 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Cisco Unified Communications Domain Manager Platform Software 4.4(.3) and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending crafted TCP packets quickly, aka Bu… |
| CVE-2014-3367 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Cross-site scripting (XSS) vulnerability in the vCloud Director component in Cisco Nexus 1000V InterCloud for VMware allows remote attackers to inject arbitrary web script or HTML via an unspecified … |
| CVE-2014-3363 |
low |
— |
3.5 |
|
|
cisco |
12y ago |
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML vi… |
| CVE-2014-3362 |
high |
— |
7.8 |
|
|
cisco |
12y ago |
Memory leak in Cisco TelePresence System Edge MXP Series Software F9.3.3 and earlier allows remote attackers to cause a denial of service (management outage) via multiple TELNET connections, aka Bug … |
| CVE-2014-3342 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383. |
| CVE-2014-5868 |
medium |
— |
5.4 |
|
|
cisco |
12y ago |
The Cisco Technical Support (aka com.cisco.swtg_android) application 3.7.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers a… |
| CVE-2014-3348 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The SSH module in the Integrated Management Controller (IMC) before 2.3.1 in Cisco Unified Computing System on E-Series blade servers allows remote attackers to cause a denial of service (IMC hang) v… |
| CVE-2014-3352 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obt… |
| CVE-2014-3351 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive informati… |
| CVE-2014-3350 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly implement URL redirection, which allows remote authenticated users to obtain sensitive information via a crafted URL,… |
| CVE-2014-3349 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during the handling of file submission, which allows remote authenticated users to upload arbitrary files … |
| CVE-2014-3346 |
medium |
— |
6.3 |
|
|
cisco |
12y ago |
The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) does not validate an unspecified parameter, which allows remote authenticated … |
| CVE-2014-3345 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 does not properly check authorization for administrative web pages, which … |
| CVE-2014-3344 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 allow remote attack… |
| CVE-2014-3340 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
Directory traversal vulnerability in an unspecified PHP script in the server in Cisco WebEx MeetMeNow allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCuo… |
| CVE-2014-3331 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
The Session Manager component in Packet Data Network Gateway (aka PGW) in Cisco ASR 5000 Series Software 11.0, 12.0, 12.1, 12.2, 14.0, 15.0, 16.x through 16.1.2, and 17.0 allows remote attackers to c… |
| CVE-2014-3339 |
medium |
— |
6.5 |
|
|
cisco |
12y ago |
Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to ex… |
| CVE-2014-3338 |
high |
— |
8.5 |
|
|
cisco |
12y ago |
The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to … |
| CVE-2014-3337 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that i… |
| CVE-2014-3336 |
medium |
— |
6.5 |
|
|
cisco |
12y ago |
SQL injection vulnerability in the web framework in Cisco Unity Connection 9.1(2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted request, aka Bug ID CSC… |
| CVE-2014-3333 |
critical |
— |
9.0 |
|
|
cisco |
12y ago |
The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files … |
| CVE-2014-3332 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecif… |
| CVE-2014-3302 |
medium |
— |
5.8 |
|
|
cisco |
12y ago |
user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information… |
| CVE-2014-3329 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Network Manager (DCNM) 6.3(2) and earlier allows remote attackers to inject arbitrary web script or HTM… |
| CVE-2014-3304 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The OutlookAction Class in Cisco WebEx Meetings Server allows remote attackers to enumerate user accounts by entering crafted URLs and examining the returned messages, aka Bug ID CSCuj81722. |
| CVE-2014-3303 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading (1) web-server acces… |
| CVE-2014-3328 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125. |
| CVE-2014-3326 |
medium |
— |
6.5 |
|
|
cisco |
12y ago |
SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCup269… |
| CVE-2014-3324 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web… |
| CVE-2014-3305 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims… |
| CVE-2014-3301 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bu… |
| CVE-2014-3325 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSC… |
| CVE-2014-3323 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
Directory traversal vulnerability in Cisco Unified Contact Center Enterprise allows remote authenticated users to read arbitrary web-root files via a crafted URL, aka Bug ID CSCun25262. |
| CVE-2014-3320 |
medium |
— |
5.8 |
|
|
cisco |
12y ago |
Multiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and earlier allow remote attackers to redirect user… |
| CVE-2014-3319 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted … |
| CVE-2014-3317 |
medium |
— |
5.5 |
|
|
cisco |
12y ago |
Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete ar… |
| CVE-2013-6691 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
The WebVPN CIFS implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0(.4.1) and earlier allows remote CIFS servers to cause a denial of service (device reload) via a long share list,… |
| CVE-2013-5567 |
medium |
— |
5.4 |
|
|
cisco |
12y ago |
Cisco Adaptive Security Appliance (ASA) Software 8.4(.6) and earlier, when using an unsupported configuration with overlapping criteria for filtering and inspection, allows remote attackers to cause … |
| CVE-2014-3318 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary … |
| CVE-2014-3316 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted para… |
| CVE-2014-3315 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web s… |
| CVE-2014-3311 |
medium |
— |
5.1 |
|
|
cisco |
12y ago |
Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted d… |
| CVE-2014-3310 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to … |
| CVE-2014-3300 |
high |
— |
8.5 |
EXP |
|
cisco |
12y ago |
The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows rem… |
| CVE-2014-2198 |
critical |
— |
10.0 |
|
|
cisco |
12y ago |
Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the sup… |
| CVE-2014-2197 |
critical |
— |
9.0 |
|
|
cisco |
12y ago |
The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which all… |
| CVE-2014-3298 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML… |
| CVE-2014-3297 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not properly restrict the content of MyServices action URLs, which allows remote authenticated users to obtain sensitive information … |
| CVE-2014-3296 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID C… |
| CVE-2014-2151 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software 8.4(.7.15) and earlier allows remote authenticated users to obtain sensitive information via a crafted JavaScript file, aka Bug I… |
| CVE-2014-3294 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
Cisco WebEx Meeting Server does not properly restrict the content of URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-serve… |
| CVE-2014-3292 |
medium |
— |
5.5 |
|
|
cisco |
12y ago |
The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL,… |
| CVE-2014-3287 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL co… |
| CVE-2014-3286 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The web framework in Cisco WebEx Meeting Server does not properly restrict the content of reply messages, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug IDs … |
| CVE-2014-3281 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to obtain potentially sensitive user informati… |
| CVE-2014-3278 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to enumerate accounts by visiting an unspecifi… |
| CVE-2014-3280 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potent… |
| CVE-2014-3285 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when SharePoint acceleration is enabled, does not properly parse SharePoint responses, which allows remote attackers to cause a denia… |
| CVE-2014-3283 |
medium |
— |
5.8 |
|
|
cisco |
12y ago |
Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to re… |
| CVE-2014-3282 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authentica… |
| CVE-2014-3279 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers … |
| CVE-2014-3277 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authentica… |
| CVE-2014-3276 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which al… |
| CVE-2014-3275 |
medium |
— |
6.5 |
|
|
cisco |
12y ago |
SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted … |
| CVE-2014-3274 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory inf… |
| CVE-2014-3272 |
medium |
— |
6.0 |
|
|
cisco |
12y ago |
The Agent in Cisco Tidal Enterprise Scheduler (TES) 6.1 and earlier allows local users to gain privileges via crafted Tidal Job Buffers (TJB) parameters, aka Bug ID CSCuo33074. |
| CVE-2014-3267 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests tha… |
| CVE-2014-3266 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, ak… |
| CVE-2014-2196 |
critical |
— |
9.3 |
|
|
cisco |
12y ago |
Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response,… |
| CVE-2014-3265 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Cross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an … |
| CVE-2014-3264 |
medium |
— |
6.3 |
|
|
cisco |
12y ago |
Cisco Adaptive Security Appliance (ASA) Software 9.1(.5) and earlier allows remote authenticated users to cause a denial of service (device reload) via crafted attributes in a RADIUS packet, aka Bug … |
| CVE-2014-2199 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27… |
| CVE-2014-2194 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
system/egain/chat/entrypoint in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to have an unspecified impact by injecting a spoofed XML external entity. |
| CVE-2014-2193 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Cisco Unified Web and E-Mail Interaction Manager places session identifiers in GET requests, which allows remote attackers to inject conversation text by obtaining a valid identifier, aka Bug ID CSCu… |
| CVE-2014-2192 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bu… |
| CVE-2014-2136 |
critical |
— |
9.3 |
|
|
cisco |
12y ago |
Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of… |
| CVE-2014-2135 |
critical |
— |
9.3 |
|
|
cisco |
12y ago |
Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of… |
| CVE-2014-2134 |
critical |
— |
9.3 |
|
|
cisco |
12y ago |
Heap-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a d… |
| CVE-2014-2133 |
critical |
— |
9.3 |
|
|
cisco |
12y ago |
Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of… |
| CVE-2014-2132 |
high |
— |
7.8 |
|
|
cisco |
12y ago |
Cisco WebEx Recording Format (WRF) player and Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allow remote attackers to cause a denial of servi… |
| CVE-2014-2191 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to inject arbitrary web script or HTML via a… |
| CVE-2014-2190 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to hijack the authentication of arbit… |
| CVE-2014-0685 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691. |
| CVE-2014-2175 |
high |
— |
7.8 |
|
|
cisco |
12y ago |
Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allow remote attackers to cause a denial of service (memory consumption) via crafted H.225 packets, aka Bug ID CSCtq78849. |
| CVE-2014-2173 |
high |
— |
7.2 |
|
|
cisco |
12y ago |
Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 do not properly restrict access to the serial port, which allows local users to gain privileges via unspecified commands, aka Bu… |
| CVE-2014-2172 |
medium |
— |
6.6 |
|
|
cisco |
12y ago |
Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows local users to gain privileges by leveraging improper handling of the u-boot compiler flag for interna… |
| CVE-2014-2171 |
critical |
— |
10.0 |
|
|
cisco |
12y ago |
Heap-based buffer overflow in Cisco TelePresence TC Software 4.x through 6.x before 6.0.1 and TE Software 4.x and 6.0.x before 6.0.2 allows remote attackers to execute arbitrary code via crafted SIP … |
| CVE-2014-2170 |
critical |
— |
9.0 |
|
|
cisco |
12y ago |
Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as argume… |
| CVE-2014-2169 |
critical |
— |
9.0 |
|
|
cisco |
12y ago |
Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to internal s… |
| CVE-2014-2168 |
high |
— |
7.6 |
|
|
cisco |
12y ago |
Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to execute arbitrary code via crafted DNS response packets, aka Bug ID CSCty44804. |
| CVE-2014-2167 |
high |
— |
7.8 |
|
|
cisco |
12y ago |
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug … |
| CVE-2014-2166 |
high |
— |
7.8 |
|
|
cisco |
12y ago |
The SIP implementation in Cisco TelePresence TC Software 4.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCto70562. |
| CVE-2014-2165 |
high |
— |
7.8 |
|
|
cisco |
12y ago |
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug … |
| CVE-2014-2164 |
high |
— |
7.8 |
|
|
cisco |
12y ago |
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug … |
| CVE-2014-2163 |
high |
— |
7.8 |
|
|
cisco |
12y ago |
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCua… |
| CVE-2014-2162 |
high |
— |
7.8 |
|
|
cisco |
12y ago |
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug … |
| CVE-2014-2161 |
high |
— |
7.8 |
|
|
cisco |
12y ago |
The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45731. |
