Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2015-11-14 | CVE-2015-6364 | Information Exposure vulnerability in Cisco Videoscape Distribution Suite Service Manager 3.0.0/3.1.0/3.2.0 | Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager allows remote attackers to obtain sensitive information via crafted URLs in REST API requests, aka Bug ID CSCuv86960. | 5.0 |
2015-11-13 | CVE-2015-6366 | Improper Access Control vulnerability in Cisco IOS 15.2(4)M6/15.4(3)S | Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs supersede tunnel-interface ACLs, which allows remote attackers to bypass intended network-traffic restrictions in opportunistic circumstances by using a tunnel, aka Bug ID CSCur01042. | 5.0 |
2015-11-12 | CVE-2015-6363 | Cross-site Scripting vulnerability in Cisco FireSIGHT System Software 5.4.1.4/6.0.1 | Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco FireSIGHT Management Center (MC) 5.4.1.4 and 6.0.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuw88396. | 3.5 |
2015-11-10 | CVE-2015-6362 | Permissions, Privileges, and Access Controls vulnerability in Cisco Connected Grid Network Management System 3.0(0.35)/3.0(0.54) | The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640. | 4.0 |
2015-11-06 | CVE-2015-6316 | Credentials Management vulnerability in Cisco Mobility Services Engine | The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by entering this account's hardcoded password in an SSH session, aka Bug ID CSCuv40501. | 6.5 |
2015-11-06 | CVE-2015-6298 | OS Command Injection vulnerability in Cisco Web Security Appliance 8.5.0497 | The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments, aka Bug ID CSCus83445. | 9.0 |
2015-11-06 | CVE-2015-6292 | Resource Management Errors vulnerability in Cisco Web Security Appliance | The proxy-cache implementation in Cisco AsyncOS 8.0.x before 8.0.7-151, 8.1.x and 8.5.x before 8.5.2-004, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via multiple proxy connections, aka Bug ID CSCus10922. | 7.8 |
2015-11-06 | CVE-2015-4282 | Permissions, Privileges, and Access Controls vulnerability in Cisco Mobility Services Engine | Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID CSCuv40504. | 6.9 |
2015-11-06 | CVE-2015-6321 | Resource Management Errors vulnerability in Cisco products | Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security Appliance (ESA) devices; before 9.1.0-032, 9.1.1 before 9.1.1-005, and 9.5.x before 9.5.0-025 on Content Security Management Appliance (SMA) devices; and before 7.7.0-725 and 8.x before 8.0.8-113 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug IDs CSCus79774, CSCus79777, and CSCzv95795. | 7.8 |
2015-11-06 | CVE-2015-6293 | Resource Management Errors vulnerability in Cisco Web Security Appliance | Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via multiple file-range requests, aka Bug ID CSCur39155. | 7.8 |