Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2015-03-18	CVE-2015-0664	Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted messages, aka Bug ID CSCus79195. local low complexity cisco CWE-20	4.3
2015-03-17	CVE-2015-0665	Path Traversal vulnerability in Cisco Anyconnect Secure Mobility Client The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173. local low complexity cisco CWE-22	6.6
2015-03-17	CVE-2015-0663	Permissions, Privileges, and Access Controls vulnerability in Cisco Anyconnect Secure Mobility Client Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which allows local users to write to arbitrary files via crafted messages, aka Bug ID CSCus79392. local low complexity cisco CWE-264	6.6
2015-02-03	CVE-2014-8021	Cross-site Scripting vulnerability in Cisco Anyconnect Secure Mobility Client and Hostscan Engine Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-path URL, aka Bug IDs CSCup82990 and CSCuq80149. network cisco CWE-79	4.3
2015-01-14	CVE-2014-3314	Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka Bug IDs CSCuo24931 and CSCuo24940. network low complexity cisco CWE-20	5.0
2013-11-04	CVE-2013-5559	Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Anyconnect Secure Mobility Client Buffer overflow in the Active Template Library (ATL) framework in the VPNAPI COM module in Cisco AnyConnect Secure Mobility Client 2.x allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document, aka Bug ID CSCuj58139. network cisco CWE-119	6.8
2013-09-20	CVE-2013-1130	Permissions, Privileges, and Access Controls vulnerability in Cisco Anyconnect Secure Mobility Client Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619. local low complexity cisco apple CWE-264	6.8
2013-04-11	CVE-2013-1173	Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Anyconnect Secure Mobility Client Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14143. local cisco CWE-119	6.6
2013-04-11	CVE-2013-1172	Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14153. local cisco CWE-20	6.6
2012-09-16	CVE-2012-3094	Information Exposure vulnerability in Cisco Anyconnect Secure Mobility Client 3.1.0 The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid certificate, aka Bug ID CSCua11967. network low complexity cisco linux CWE-200	5.0