Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-12-12 | CVE-2015-6419 | Information Exposure vulnerability in Cisco Firesight System Software Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410. | 6.8 |
| 2015-12-12 | CVE-2015-6415 | Resource Management Errors vulnerability in Cisco Unified Computing System 2.2(3F)A Cisco Unified Computing System (UCS) 2.2(3f)A on Fabric Interconnect 6200 devices allows remote attackers to cause a denial of service (CPU consumption or device outage) via a SYN flood on the SSH port during the booting process, aka Bug ID CSCuu81757. | 7.1 |
| 2015-12-12 | CVE-2015-6408 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578. | 6.8 |
| 2015-12-12 | CVE-2015-6417 | Permissions, Privileges, and Access Controls vulnerability in Cisco Videoscape Distribution Suite Service Manager Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CSCuv87025. | 6.5 |
| 2015-12-12 | CVE-2015-6395 | Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Service Catalog Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID CSCuw48188. | 6.5 |
| 2015-12-05 | CVE-2015-6394 | Resource Management Errors vulnerability in Cisco Nx-Os 5.2(9)N1(1) The kernel in Cisco NX-OS 5.2(9)N1(1) on Nexus 5000 devices allows local users to cause a denial of service (device crash) via crafted USB parameters, aka Bug ID CSCus89408. | 4.9 |
| 2015-12-05 | CVE-2015-6391 | Resource Management Errors vulnerability in Cisco Unified SIP Phone 3900 Firmware Cisco Unified SIP 3905 phones allow remote attackers to cause a denial of service (resource consumption and functionality loss) via a large amount of network traffic, aka Bug ID CSCuh51331. | 7.8 |
| 2015-12-05 | CVE-2015-6388 | Security Bypass vulnerability in Cisco Unified Computing System Central Software 1.3(0.1) Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575. | 5.0 |
| 2015-12-05 | CVE-2015-6387 | Cross-site Scripting vulnerability in Cisco Unified Computing System Central Software 1.3(0.1) Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573. | 4.3 |
| 2015-12-05 | CVE-2015-6384 | Permissions, Privileges, and Access Controls vulnerability in Cisco Webex Meetings 8.0Base The Cisco WebEx Meetings application before 8.5.1 for Android improperly initializes custom application permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka Bug ID CSCuw86442. | 4.3 |