Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-05 | CVE-2016-6416 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065. | 5.9 |
| 2016-10-05 | CVE-2016-6392 | Resource Management Errors vulnerability in Cisco IOS and IOS XE Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.1 through 3.9 allow remote attackers to cause a denial of service (device restart) via a crafted IPv4 Multicast Source Discovery Protocol (MSDP) Source-Active (SA) message, aka Bug ID CSCud36767. | 7.5 |
| 2016-10-05 | CVE-2016-6386 | Resource Management Errors vulnerability in Cisco products Cisco IOS XE 3.1 through 3.17 and 16.1 on 64-bit platforms allows remote attackers to cause a denial of service (data-structure corruption and device reload) via fragmented IPv4 packets, aka Bug ID CSCux66005. | 7.5 |
| 2016-10-05 | CVE-2016-6384 | Improper Input Validation vulnerability in Cisco IOS and IOS XE Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257. | 7.5 |
| 2016-10-05 | CVE-2016-6382 | Resource Management Errors vulnerability in Cisco IOS and IOS XE Cisco IOS 15.2 through 15.6 and IOS XE 3.6 through 3.17 and 16.1 allow remote attackers to cause a denial of service (device restart) via a malformed IPv6 Protocol Independent Multicast (PIM) register packet, aka Bug ID CSCuy16399. | 7.5 |
| 2016-10-05 | CVE-2016-6381 | Resource Management Errors vulnerability in Cisco products Cisco IOS 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.18 and 16.1 allow remote attackers to cause a denial of service (memory consumption or device reload) via fragmented IKEv1 packets, aka Bug ID CSCuy47382. | 7.5 |
| 2016-10-05 | CVE-2016-6420 | Information Exposure vulnerability in Cisco Firesight System Software Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467. | 6.5 |
| 2016-10-05 | CVE-2016-6419 | SQL Injection vulnerability in Cisco Secure Firewall Management Center SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485. | 7.5 |
| 2016-09-24 | CVE-2016-6413 | Permissions, Privileges, and Access Controls vulnerability in Cisco Application Policy Infrastructure Controller 1.3(2F) The installation procedure on Cisco Application Policy Infrastructure Controller (APIC) devices 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCva50496. | 7.8 |
| 2016-09-24 | CVE-2016-6412 | Improper Input Validation vulnerability in Cisco IOS 15.6(1)T1 The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows man-in-the-middle attackers to trigger arbitrary downloads via crafted HTTP headers, aka Bug ID CSCuz84773. | 6.5 |