Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-15 | CVE-2015-6320 | Resource Management Errors vulnerability in Cisco Aironet Access Point Software 8.1(112.3)/8.1(112.4) The IP ingress packet handler on Cisco Aironet 1800 devices with software 8.1(112.3) and 8.1(112.4) allows remote attackers to cause a denial of service via a crafted header in an IP packet, aka Bug ID CSCuv63138. | 7.5 |
| 2016-01-15 | CVE-2015-6314 | Improper Authentication vulnerability in Cisco Wireless LAN Controller Software Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bug ID CSCuw06153. | 9.8 |
| 2016-01-08 | CVE-2015-6434 | Cross-site Scripting vulnerability in Cisco Prime Infrastructure 2.2(2) Cisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCux64856. | 6.1 |
| 2016-01-08 | CVE-2015-6433 | SQL Injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767. | 6.5 |
| 2016-01-05 | CVE-2015-6432 | Resource Management Errors vulnerability in Cisco IOS XR Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service (device reload) via a crafted update, aka Bug ID CSCuw83486. | 7.5 |
| 2015-12-26 | CVE-2015-6409 | Information Exposure vulnerability in Cisco Jabber 10.6(2) Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks and trigger cleartext XMPP sessions via unspecified vectors, aka Bug ID CSCuw87419. | 5.9 |
| 2015-12-23 | CVE-2015-6431 | Resource Management Errors vulnerability in Cisco IOS XE 16.1.1 Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405. | 6.5 |
| 2014-03-19 | CVE-2014-2120 | Cross-site Scripting vulnerability in Cisco Adaptive Security Appliance Software Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025. | 6.1 |
| 2012-08-06 | CVE-2012-1342 | Incorrect Authorization vulnerability in Cisco Carrier Routing System 3.9.0/4.0.0/4.1.0 Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote attackers to bypass ACL entries via fragmented packets, aka Bug ID CSCtj10975. | 5.8 |
| 2012-03-29 | CVE-2012-0384 | Improper Privilege Management vulnerability in Cisco IOS Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended access restrictions and execute commands via a (1) HTTP or (2) HTTPS session, aka Bug ID CSCtr91106. | 7.2 |