Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-04-16 | CVE-2016-1339 | OS Command Injection vulnerability in Cisco Unified Computing System Platform Emulator 2.5(2)Ts4/3.0(2C)A/3.0(2C)Ts9 Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted arguments on a ucspe-copy command line, aka Bug ID CSCux68832. | 7.2 |
2016-04-14 | CVE-2016-1378 | Information Exposure vulnerability in Cisco IOS Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP) port, aka Bug ID CSCum62591. | 5.0 |
2016-04-14 | CVE-2016-1352 | OS Command Injection vulnerability in Cisco Unified Computing System Central Software 1.3(0.1) Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856. | 7.5 |
2016-04-12 | CVE-2016-1377 | Cross-site Scripting vulnerability in Cisco Unity Connection Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776. | 4.3 |
2016-04-12 | CVE-2016-1376 | Improper Input Validation vulnerability in Cisco IOS XR Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (CRC and symbol errors, and interface flap) via crafted bit patterns in packets, aka Bug ID CSCuv78548. | 5.0 |
2016-04-08 | CVE-2016-1375 | Cross-site Scripting vulnerability in Cisco IP Interoperability and Collaboration System 4.10 Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability and Collaboration System 4.10(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy12339. | 4.3 |
2016-04-06 | CVE-2016-1346 | Resource Management Errors vulnerability in Cisco Telepresence Server Software The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673. | 7.1 |
2016-04-06 | CVE-2016-1313 | Permissions, Privileges, and Access Controls vulnerability in Cisco UCS Invicta C3124Sa Appliance 4.3.1/4.5.0/5.0.1 Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to obtain root access via unspecified vectors, aka Bug ID CSCun71294. | 10.0 |
2016-04-06 | CVE-2016-1291 | Improper Input Validation vulnerability in Cisco products Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192. | 9.3 |
2016-04-06 | CVE-2016-1290 | Permissions, Privileges, and Access Controls vulnerability in Cisco products The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227. | 5.5 |