Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-12-14 | CVE-2015-6378 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Dpq3925 8X4 Docsis 3.0 Wireless Residential Gateway With Embedded Digital Voice Adapter 5.5.2 Cross-site request forgery (CSRF) vulnerability on Cisco DPQ3925 devices with EDVA 5.5.2 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv05943. | 6.8 |
| 2015-12-13 | CVE-2015-6418 | Information Exposure vulnerability in Cisco products The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS key pair via unspecified computations upon handshake key-exchange data, aka Bug ID CSCus15224. | 4.3 |
| 2015-12-13 | CVE-2015-6414 | Information Exposure vulnerability in Cisco Telepresence Video Communication Server Software X8.6 Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same encryption key across different customers' installations, which makes it easier for local users to defeat cryptographic protection mechanisms by leveraging knowledge of a key from another installation, aka Bug ID CSCuw64516. | 2.1 |
| 2015-12-13 | CVE-2015-6413 | Permissions, Privileges, and Access Controls vulnerability in Cisco Telepresence Video Communication Server Software X8.6 Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651. | 4.0 |
| 2015-12-13 | CVE-2015-6407 | Improper Input Validation vulnerability in Cisco Emergency Responder 10.5(3.10000.9) Cisco Emergency Responder 10.5(3.10000.9) allows remote attackers to upload files to arbitrary locations via a crafted parameter, aka Bug ID CSCuv25501. | 4.0 |
| 2015-12-13 | CVE-2015-6406 | Path Traversal vulnerability in Cisco Emergency Responder 10.5(1.10000.5) Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781. | 4.0 |
| 2015-12-13 | CVE-2015-6405 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1A) Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501. | 6.8 |
| 2015-12-13 | CVE-2015-6400 | Cross-site Scripting vulnerability in Cisco Emergency Responder 10.5(1A) Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 10.5(1a) allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547. | 4.3 |
| 2015-12-13 | CVE-2015-6389 | Improper Authentication vulnerability in Cisco Prime Collaboration Assurance 10.5.1/10.6.0 Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account's password, aka Bug ID CSCus62707. | 9.0 |
| 2015-12-13 | CVE-2015-6361 | Improper Input Validation vulnerability in Cisco Dpc3939 Wireless Residential Voice Gateway Firmware 121109Acmcstbase The administrative web interface on Cisco DPC3939 (XB3) devices with firmware 121109aCMCST allows remote authenticated users to execute arbitrary commands via unspecified fields, aka Bug ID CSCuw86170. | 6.5 |