Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2015-09-26 CVE-2015-6305 Untrusted Search Path vulnerability in Cisco AnyConnect Secure Mobility Client
Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by dbghelp.dll, aka Bug ID CSCuv01279.
local
low complexity
cisco microsoft CWE-426
7.2
2015-09-26 CVE-2015-6302 Resource Management Errors vulnerability in Cisco Wireless LAN Controller Software 7.0.250.0/7.0.252.0
The RADIUS functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.0(250.0) and 7.0(252.0) allows remote attackers to disconnect arbitrary sessions via crafted Disconnect-Request UDP packets, aka Bug ID CSCuw29419.
network
low complexity
cisco CWE-399
5.0
2015-09-26 CVE-2015-6282 Improper Input Validation vulnerability in Cisco IOS XE
Cisco IOS XE 2.x and 3.x before 3.10.6S, 3.11.xS through 3.13.xS before 3.13.3S, and 3.14.xS through 3.15.xS before 3.15.1S allows remote attackers to cause a denial of service (device reload) via IPv4 packets that require NAT and MPLS actions, aka Bug ID CSCut96933.
network
low complexity
cisco CWE-20
7.8
2015-09-24 CVE-2015-6304 Cross-Site Request Forgery (CSRF) vulnerability in Cisco TelePresence Server Software 3.0(2.24)
Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Server software 3.0(2.24) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCut63718, CSCut63724, and CSCut63760.
network
cisco CWE-352
6.8
2015-09-24 CVE-2015-6303 Information Exposure vulnerability in Cisco Spark 20150704Base
The Cisco Spark application 2015-07-04 for mobile operating systems does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCut36742 and CSCut36844.
network
cisco CWE-200
4.3
2015-09-20 CVE-2015-6301 Resource Management Errors vulnerability in Cisco products
The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun72171.
network
low complexity
cisco CWE-399
5.0
2015-09-20 CVE-2015-6300 Improper Input Validation vulnerability in Cisco Secure Access Control Server 5.7.0.15
Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694.
network
low complexity
cisco CWE-20
4.0
2015-09-20 CVE-2015-6299 SQL Injection vulnerability in Cisco Unity Connection 9.1(1)/9.1(2)
SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug ID CSCuv63824.
network
low complexity
cisco CWE-89
6.5
2015-09-20 CVE-2015-6295 Resource Management Errors vulnerability in Cisco NX-OS 6.1(2)I3(4)/7.0(3)I1(1)
Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic forwarding via a Layer 2 packet with a reserved VLAN number, aka Bug ID CSCuw13560.
low complexity
cisco CWE-399
4.8
2015-09-20 CVE-2015-6284 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco TelePresence Server Software
Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277.
network
low complexity
cisco CWE-119
7.8