Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-01-27 | CVE-2016-1300 | Cross-site Scripting vulnerability in Cisco Unity Connection 10.5(2.3009): Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582. | 6.1 |
2016-01-27 | CVE-2016-1299 | Resource Management Errors vulnerability in Cisco 300 Series Managed Switch Firmware 1.4.1: The web-management GUI implementation on Cisco Small Business SG300 devices 1.4.1.x allows remote attackers to cause a denial of service (HTTPS outage) via crafted HTTPS requests, aka Bug ID CSCuw87174. | 5.3 |
2016-01-27 | CVE-2015-6421 | Resource Management Errors vulnerability in Cisco Wide Area Application Services: cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices 5.x before 5.3.5d and 5.4 and 5.5 before 5.5.3 allows remote attackers to cause a denial of service (resource consumption and device reload) via crafted network traffic, aka Bug ID CSCus85330. | 7.5 |
2016-01-27 | CVE-2015-6319 | SQL Injection vulnerability in multiple products: SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574. | 9.8 |
2016-01-26 | CVE-2016-1298 | Cross-site Scripting vulnerability in Cisco Unified Contact Center Express: Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via vectors related to permalinks, aka Bug ID CSCux92033. | 6.1 |
2016-01-26 | CVE-2015-6337 | Cross-site Scripting vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module 1.0.10/1.0Ga: Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 allows remote attackers to inject arbitrary web script or HTML via a crafted hostname in an SNMP response, aka Bug ID CSCuw47238. | 6.1 |
2016-01-23 | CVE-2015-6317 | Improper Access Control vulnerability in Cisco Identity Services Engine Software: Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926. | 6.5 |
2016-01-22 | CVE-2015-6435 | OS Command Injection vulnerability in Cisco products: An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888. | 9.8 |
2016-01-22 | CVE-2015-6412 | Credentials Management vulnerability in Cisco Modular Encoding Platform D9036 Software: Cisco Modular Encoding Platform D9036 Software before 02.04.70 has hardcoded (1) root and (2) guest passwords, which makes it easier for remote attackers to obtain access via an SSH session, aka Bug ID CSCut88070. | 9.8 |
2016-01-20 | CVE-2016-1296 | 7PK - Security Features vulnerability in Cisco Web Security Appliance 8.5.3055/9.1.0000/9.5.0235: The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848. | 7.5 |