Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-07-22 | CVE-2015-4284 | Improper Input Validation vulnerability in Cisco IOS XR 5.3.0 The Concurrent Data Management Replication process in Cisco IOS XR 5.3.0 on ASR 9000 devices allows remote attackers to cause a denial of service (BGP process reload) via malformed BGPv4 packets, aka Bug ID CSCur70670. | 5.0 |
2015-07-22 | CVE-2015-4281 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Webex Meetings Server 2.5(1) Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146. | 6.8 |
2015-07-21 | CVE-2015-4283 | Resource Management Errors vulnerability in Cisco Videoscape Policy Resource Manager 3.5.4 Cisco Videoscape Policy Resource Manager (PRM) 3.5.4 allows remote attackers to cause a denial of service (CPU and memory consumption, and TCP service outage) via (1) a SYN flood or (2) another type of TCP traffic flood, aka Bug IDs CSCuu35104 and CSCuu35128. | 7.8 |
2015-07-20 | CVE-2015-4279 | OS Command Injection vulnerability in Cisco Unified Computing System 2.2(3B) The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778. | 7.2 |
2015-07-18 | CVE-2015-4280 | Resource Management Errors vulnerability in Cisco Prime Collaboration 10.0 Cisco Prime Collaboration Assurance 10.0 allows remote attackers to cause a denial of service (HTTP service outage) via a crafted HTTP request, aka Bug ID CSCum38844. | 5.0 |
2015-07-16 | CVE-2015-0725 | Improper Input Validation vulnerability in Cisco products Cisco Videoscape Distribution Suite Service Broker (aka VDS-SB), when a VDSM configuration on UCS is used, and Videoscape Distribution Suite for Internet Streaming (aka VDS-IS or CDS-IS) before 3.3.1 R7 and 4.x before 4.0.0 R4 allow remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka Bug IDs CSCus79834 and CSCuu63409. | 7.8 |
2015-07-16 | CVE-2015-4278 | Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware 8.5.6106/9.5.0201 Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC policy data in DNS TXT records for a domain, aka Bug ID CSCuv14806. | 4.3 |
2015-07-16 | CVE-2015-4276 | Improper Input Validation vulnerability in Cisco Webex Meetings Server 2.5(1) Cisco WebEx Meetings Server 2.5MR1 allows remote authenticated users to execute arbitrary code via a crafted command parameter, aka Bug ID CSCus56138. | 6.5 |
2015-07-16 | CVE-2015-4275 | Resource Management Errors vulnerability in Cisco ASR 5000 Series Software 18.0.0.59167/18.0.0.59211 The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 18.0.0.59167 and 18.0.0.59211 allows remote attackers to cause a denial of service via a malformed header in a GTPv2 packet, aka Bug ID CSCut11534. | 5.0 |
2015-07-16 | CVE-2015-4274 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.0(1)/10.6(1) Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936. | 6.8 |