Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-04-23 | CVE-2014-1296 | Permissions, Privileges, and Access Controls vulnerability in Apple products CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction. | 4.3 |
| 2014-04-23 | CVE-2014-1295 | Improper Authentication vulnerability in Apple Iphone OS, mac OS X and Tvos Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack." | 6.8 |
| 2014-04-23 | CVE-2012-5427 | Improper Input Validation vulnerability in Cisco IOS Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T allows remote authenticated users to cause a denial of service (input queue wedge) via a crafted series of RTCP packets, aka Bug ID CSCuc42518. | 4.0 |
| 2014-04-23 | CVE-2012-5422 | Denial-Of-Service vulnerability in Cisco IOS Unspecified vulnerability in Cisco IOS before 15.3(2)T on AS5400 devices allows remote authenticated users to cause a denial of service (spurious errors) via unknown vectors, aka Bug ID CSCub61009. | 6.8 |
| 2014-04-23 | CVE-2012-5044 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a denial of service (media loops and stack memory corruption) via VoIP traffic, aka Bug ID CSCub45809. | 5.4 |
| 2014-04-23 | CVE-2012-5039 | Resource Management Errors vulnerability in Cisco IOS The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003. | 4.3 |
| 2014-04-23 | CVE-2012-5037 | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an object-group command, aka Bug ID CSCts16133. | 4.6 |
| 2014-04-23 | CVE-2012-5036 | Resource Management Errors vulnerability in Cisco IOS Cisco IOS before 12.2(50)SY1 allows remote authenticated users to cause a denial of service (memory consumption) via a sequence of VTY management sessions (aka exec sessions), aka Bug ID CSCtn43662. | 6.8 |
| 2014-04-23 | CVE-2012-5032 | Improper Authentication vulnerability in Cisco IOS The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN traffic to an attacker-controlled destination, or the discarding of this traffic, by arranging for an arbitrary device to become a cluster member, aka Bug ID CSCub93641. | 6.4 |
| 2014-04-23 | CVE-2012-5017 | Improper Input Validation vulnerability in Cisco products Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause a denial of service (device reload) by establishing a VPN session and then sending malformed IKEv2 packets, aka Bug ID CSCub39268. | 6.8 |