Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2016-02-07 CVE-2016-1301 Improper Access Control vulnerability in Cisco products
The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842.
network
low complexity
cisco CWE-284
8.8
2016-02-06 CVE-2016-1311 Cross-site Scripting vulnerability in Cisco Jabber Guest 10.6.8
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10.6(8) allows remote attackers to inject arbitrary web script or HTML via the host tag parameter, aka Bug ID CSCuy08224.
network
low complexity
cisco CWE-79
6.1
2016-01-30 CVE-2016-1304 Cross-site Scripting vulnerability in Cisco Unity Connection 10.5(2.3009)
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596.
network
low complexity
cisco CWE-79
6.1
2016-01-30 CVE-2016-1303 Improper Input Validation vulnerability in Cisco 500 Series Switch Firmware 1.2.0.92
The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330.
network
low complexity
cisco CWE-20
7.5
2016-01-27 CVE-2016-1300 Cross-site Scripting vulnerability in Cisco Unity Connection 10.5(2.3009)
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582.
network
low complexity
cisco CWE-79
6.1
2016-01-27 CVE-2016-1299 Resource Management Errors vulnerability in Cisco 300 Series Managed Switch Firmware 1.4.1
The web-management GUI implementation on Cisco Small Business SG300 devices 1.4.1.x allows remote attackers to cause a denial of service (HTTPS outage) via crafted HTTPS requests, aka Bug ID CSCuw87174.
network
low complexity
cisco CWE-399
5.3
2016-01-27 CVE-2015-6421 Resource Management Errors vulnerability in Cisco Wide Area Application Services
cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices 5.x before 5.3.5d and 5.4 and 5.5 before 5.5.3 allows remote attackers to cause a denial of service (resource consumption and device reload) via crafted network traffic, aka Bug ID CSCus85330.
network
low complexity
cisco CWE-399
7.5
2016-01-27 CVE-2015-6319 SQL Injection vulnerability in multiple products
SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574.
network
low complexity
cisco sun CWE-89
critical
9.8
2016-01-26 CVE-2016-1298 Cross-site Scripting vulnerability in Cisco Unified Contact Center Express
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via vectors related to permalinks, aka Bug ID CSCux92033.
network
low complexity
cisco CWE-79
6.1
2016-01-26 CVE-2015-6337 Cross-site Scripting vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module 1.0.10/1.0Ga
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 allows remote attackers to inject arbitrary web script or HTML via a crafted hostname in an SNMP response, aka Bug ID CSCuw47238.
network
low complexity
cisco CWE-79
6.1