Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2015-07-16 CVE-2015-4266 Improper Input Validation vulnerability in Cisco Identity Services Engine Software 1.1(4.1)/1.3(106.146)/1.3(120.135)
The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCut04556.
network
cisco CWE-20
4.3
2015-07-15 CVE-2015-4271 Improper Access Control vulnerability in Cisco TelePresence TC Software
Cisco TelePresence TC before 7.3.4 on Integrator C devices allows remote attackers to bypass authentication via vectors involving multiple request parameters, aka Bug ID CSCuv00604.
network
low complexity
cisco CWE-284
6.4
2015-07-15 CVE-2015-4267 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Identity Services Engine Software
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus09940.
network
cisco CWE-352
6.8
2015-07-15 CVE-2015-4273 Improper Input Validation vulnerability in Cisco ASR 5000 Series Software 15.0(912)/15.0(935)/15.0(938)
The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 15.0(912), 15.0(935), and 15.0(938) allows remote attackers to cause a denial of service (Session Manager outage) via malformed fields in an IP packet, aka Bug ID CSCut38476.
network
low complexity
cisco CWE-20
5.0
2015-07-14 CVE-2015-4270 Cross-site Scripting vulnerability in Cisco FireSIGHT System Software 5.3.1.5/6.0.0
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.5 and 6.0.0 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuv22557, CSCuv22583, CSCuv22632, CSCuv22641, CSCuv22650, CSCuv22662, CSCuv22697, and CSCuv22702.
network
cisco CWE-79
4.3
2015-07-14 CVE-2015-4268 Cross-site Scripting vulnerability in Cisco Identity Services Engine Software 1.2(1.198)/1.3(0.876)
Multiple cross-site scripting (XSS) vulnerabilities in the Infra Admin UI in Cisco Identity Services Engine (ISE) 1.2(1.198) and 1.3(0.876) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCus16052.
network
cisco CWE-79
4.3
2015-07-14 CVE-2015-4272 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5)
Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCut19580.
network
cisco CWE-79
4.3
2015-07-14 CVE-2015-4269 Resource Management Errors vulnerability in Cisco Unified Communications Manager 10.5(1.99995.9)
The Tomcat throttling feature in Cisco Unified Communications Manager 10.5(1.99995.9) allows remote authenticated users to cause a denial of service (management outage) by sending many requests, aka Bug ID CSCuu99709.
network
low complexity
cisco CWE-399
4.0
2015-07-10 CVE-2015-4263 Information Exposure vulnerability in Cisco Mobility Services Engine 10.0(0.1)
The Control and Provisioning functionality in Cisco Mobility Services Engine (MSE) 10.0(0.1) allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCut36851.
network
low complexity
cisco CWE-200
4.0
2015-07-10 CVE-2015-4236 Resource Management Errors vulnerability in Cisco products
Cisco AsyncOS on Email Security Appliance (ESA) devices with software 8.5.6-073, 8.5.6-074, and 9.0.0-461, when clustering is enabled, allows remote attackers to cause a denial of service (clustering and SSH outage) via a packet flood, aka Bug IDs CSCur13704 and CSCuq05636.
network
cisco CWE-399
4.3