Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-19 | CVE-2016-6459 | OS Command Injection vulnerability in Cisco Telepresence TC Software Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. | 5.5 |
| 2016-11-19 | CVE-2016-6458 | Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. | 7.5 |
| 2016-11-19 | CVE-2016-6457 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. | 6.5 |
| 2016-11-19 | CVE-2016-6450 | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. | 2.5 |
| 2016-11-03 | CVE-2016-6455 | Resource Management Errors vulnerability in Cisco ASR 5000 Software A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sessions to be disconnected, resulting in a partial denial of service (DoS) condition. | 7.5 |
| 2016-11-03 | CVE-2016-6454 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Hosted Collaboration Mediation Fulfillment A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions. | 6.5 |
| 2016-11-03 | CVE-2016-6453 | SQL Injection vulnerability in Cisco Identity Services Engine 1.3(0.876) A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. | 7.3 |
| 2016-11-03 | CVE-2016-6452 | Improper Authentication vulnerability in Cisco Prime Home 5.0Base/5.1Base/5.2.0 A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. | 9.8 |
| 2016-11-03 | CVE-2016-6451 | Cross-site Scripting vulnerability in Cisco Prime Collaboration Provisioning 10.6.0 Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. | 6.1 |
| 2016-11-03 | CVE-2016-6448 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Meeting Server A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. | 9.8 |