Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-12-03 | CVE-2015-6390 | Cross-site Scripting vulnerability in Cisco Unity Connection 9.1(1.10) Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unity Connection 9.1(1.10) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCup92741. | 4.3 |
| 2015-12-03 | CVE-2015-6383 | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XE 15.4(3)S Cisco IOS XE 15.4(3)S on ASR 1000 devices improperly loads software packages, which allows local users to bypass license restrictions and obtain certain root privileges by using the CLI to enter crafted filenames, aka Bug ID CSCuv93130. | 7.2 |
| 2015-12-01 | CVE-2015-6386 | Resource Management Errors vulnerability in Cisco web Security Appliance 8.0.7142/8.5.1021 The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8.0.7-142 and 8.5.1-021 allows remote attackers to cause a denial of service (CPU consumption) via FTP sessions in which the control connection is ended after data transfer, aka Bug ID CSCut94150. | 5.0 |
| 2015-12-01 | CVE-2015-6385 | Improper Input Validation vulnerability in Cisco IOS 15.5(2)S/15.5(3)S The publish-event event-manager feature in Cisco IOS 15.5(2)S and 15.5(3)S on Cloud Services Router 1000V devices allows local users to execute arbitrary commands with root privileges by leveraging administrative access to enter crafted environment variables, aka Bug ID CSCux14943. | 7.2 |
| 2015-11-26 | CVE-2015-6382 | Resource Management Errors vulnerability in Cisco ASR 5000 Series Software 16.0(900) Cisco ASR 5000 devices with software 16.0(900) allow remote attackers to cause a denial of service (telnetd process restart) via a TELNET connection, aka Bug ID CSCuv25815. | 5.0 |
| 2015-11-24 | CVE-2015-6380 | OS Command Injection vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) An unspecified script in the web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via crafted parameters, aka Bug ID CSCux10622. | 6.5 |
| 2015-11-24 | CVE-2015-6377 | Resource Management Errors vulnerability in Cisco Virtual Topology System 2.0(0)/2.0(1) Cisco Virtual Topology System (VTS) 2.0(0) and 2.0(1) allows remote attackers to cause a denial of service (CPU and memory consumption, and TCP port outage) via a flood of crafted TCP packets, aka Bug ID CSCux13379. | 7.8 |
| 2015-11-21 | CVE-2015-6376 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Telepresence Video Communication Server Software X8.5.1 Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv72412. | 6.8 |
| 2015-11-21 | CVE-2015-6375 | Information Exposure vulnerability in Cisco IOS 15.2(2)E3 The debug-logging (aka debug cns) feature in Cisco Networking Services (CNS) for IOS 15.2(2)E3 allows local users to obtain sensitive information by reading an unspecified file, aka Bug ID CSCux18010. | 2.1 |
| 2015-11-19 | CVE-2015-6374 | Improper Input Validation vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) The web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, aka Bug ID CSCux10604. | 4.3 |