Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK

2015-11-06 CVE-2015-6291 Improper Input Validation vulnerability in Cisco Email Security Appliance
Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-046 on Email Security Appliance (ESA) devices mishandles malformed fields during body-contains, attachment-contains, every-attachment-contains, attachment-binary-contains, dictionary-match, and attachment-dictionary-match filtering, which allows remote attackers to cause a denial of service (memory consumption) via a crafted attachment in an e-mail message, aka Bug ID CSCuv47151.
RISK: network, low complexity, cisco CWE-20, 7.8

2015-11-04 CVE-2015-6356 Cross-site Scripting vulnerability in Cisco Socialminer 10.0(1)
Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuw60212.
RISK: network, cisco CWE-79, 4.3

2015-11-04 CVE-2015-6355 Information Exposure vulnerability in Cisco Unified Computing System 2.2(5B)A
The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on blade servers allows remote attackers to obtain potentially sensitive version information by visiting an unspecified URL, aka Bug ID CSCuw87226.
RISK: network, low complexity, cisco CWE-200, 5.0

2015-10-31 CVE-2015-6354 Cross-site Scripting vulnerability in Cisco Firesight System Software 5.4.1.3/6.0.0
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.4.1.3 and 6.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuv73338.
RISK: network, cisco CWE-79, 3.5

2015-10-31 CVE-2015-6353 Cross-site Scripting vulnerability in Cisco Firesight System Software
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.3.1.5 and 5.4.x through 5.4.1.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuu28922.
RISK: network, cisco CWE-79, 3.5

2015-10-31 CVE-2015-6343 Resource Management Errors vulnerability in Cisco IOS 15.5(3)M
The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service via crafted SIP messages, aka Bug ID CSCuv79202.
RISK: network, low complexity, cisco CWE-399, 5.0

2015-10-30 CVE-2015-6352 Information Exposure vulnerability in Cisco products
Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to map a filesystem via a series of requests, aka Bug ID CSCut67891.
RISK: network, cisco CWE-200, 4.3

2015-10-30 CVE-2015-6351 Improper Input Validation vulnerability in Cisco ASR 5000 Software 19.1.0.61559/19.2.0
Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and 19.2.0 allow remote attackers to cause a denial of service (BGP process restart) via a crafted header in a BGP packet, aka Bug ID CSCuw65781.
RISK: network, low complexity, cisco CWE-20, 5.0

2015-10-30 CVE-2015-6350 SQL Injection vulnerability in Cisco Prime Service Catalog 11.0Base
SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843.
RISK: network, low complexity, cisco CWE-89, 6.5

2015-10-30 CVE-2015-6349 Cross-site Scripting vulnerability in Cisco Secure Access Control Server 5.7.0.15
Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
RISK: network, cisco CWE-79, 4.3