Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2015-12-15 CVE-2015-6404 Information Exposure vulnerability in Cisco Hosted Collaboration Solution 10.6(3)Base
Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests, aka Bug ID CSCuw84374.
network
low complexity
cisco CWE-200
4.0
2015-12-15 CVE-2015-6403 Improper Input Validation vulnerability in Cisco Spa300 Firmware and Spa500 Firmware
The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400.
local
low complexity
cisco CWE-20
7.2
2015-12-15 CVE-2015-6399 Resource Management Errors vulnerability in Cisco Integrated Management Controller Supervisor 1.0.0.0/1.0.0.1
The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted parameters in an HTTP request, aka Bug ID CSCuv38286.
network
low complexity
cisco CWE-399
6.8
2015-12-15 CVE-2015-6359 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service (memory consumption or device crash) via a flood of crafted ND messages, aka Bug ID CSCup28217.
low complexity
cisco CWE-119
6.1
2015-12-15 CVE-2015-4206 Cross-site Scripting vulnerability in Cisco Unified Communications Manager
Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266.
network
cisco CWE-79
4.3
2015-12-14 CVE-2015-6422 Resource Management Errors vulnerability in Cisco Unified Communications Domain Manager 10.6.1
The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed requests, aka Bug ID CSCuu10981.
network
low complexity
cisco CWE-399
4.0
2015-12-14 CVE-2015-6416 Cross-site Scripting vulnerability in Cisco Unified web and E-Mail Interaction Manager 11.0(1)
Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuw24479.
network
cisco CWE-79
4.3
2015-12-14 CVE-2015-6410 Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server Software X8.5
The Mobile and Remote Access (MRA) services implementation in Cisco Unified Communications Manager mishandles edge-device identity validation, which allows remote attackers to bypass intended call-reception and call-setup restrictions by spoofing a user, aka Bug ID CSCuu97283.
network
low complexity
cisco CWE-20
4.0
2015-12-14 CVE-2015-6402 Cross-site Scripting vulnerability in Cisco Epc3928 Docsis 3.0 8X4 Wireless Residential Gateway With Embedded Digital Voice Adapter 5.5.10/5.5.11/5.7.1
Cross-site scripting (XSS) vulnerability in the management interface on Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCux24935.
network
cisco CWE-79
4.3
2015-12-14 CVE-2015-6401 Improper Authentication vulnerability in Cisco Epc3928 Docsis 3.0 8X4 Wireless Residential Gateway With Embedded Digital Voice Adapter 5.5.10/5.5.11/5.7.1
Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allow remote attackers to bypass an intended authentication requirement and execute unspecified administrative functions via a crafted HTTP request, aka Bug ID CSCux24941.
network
low complexity
cisco CWE-287
7.5