Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2015-06-24 CVE-2015-4211 Permissions, Privileges, and Access Controls vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(60)
Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows does not properly validate pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCus65862.
local
low complexity
cisco microsoft CWE-264
7.2
2015-06-24 CVE-2015-4208 Information Exposure vulnerability in Cisco WebEx Meeting Center
Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398.
network
low complexity
cisco CWE-200
7.5
2015-06-23 CVE-2015-4210 Cross-site Scripting vulnerability in Cisco WebEx Meeting Center
Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur03806.
network
cisco CWE-79
4.3
2015-06-23 CVE-2015-4209 Information Exposure vulnerability in Cisco WebEx Meeting Center
Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and then sending a calendar request for each one, aka Bug ID CSCur23913.
network
low complexity
cisco CWE-200
6.4
2015-06-23 CVE-2015-4207 Information Exposure vulnerability in Cisco WebEx Meeting Center
Cisco WebEx Meeting Center places a meeting's access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-registration page, aka Bug ID CSCus62147.
network
low complexity
cisco CWE-200
5.0
2015-06-23 CVE-2015-4205 Resource Management Errors vulnerability in Cisco IOS XR 5.3.1
Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (NPU chip reset or line-card reload) by sending crafted IEEE 802.3x flow-control PAUSE frames on the local network, aka Bug ID CSCut19959.
5.7
2015-06-23 CVE-2015-4203 Race Condition vulnerability in Cisco IOS 12.2(33)SCH/12.2SCH
Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of service (PXF process crash) by sending malformed MPLS 6VPE packets quickly, aka Bug ID CSCud83396.
network
high complexity
cisco CWE-362
5.4
2015-06-23 CVE-2015-4189 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Data Center Analytics Framework 1.4.0
Cross-site request forgery (CSRF) vulnerability in Cisco Data Center Analytics Framework (DCAF) 1.4 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun26807.
network
cisco CWE-352
6.8
2015-06-23 CVE-2015-4204 Resource Management Errors vulnerability in Cisco IOS 12.2/12.2(33)
Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) module on uBR10000 devices allows remote authenticated users to cause a denial of service (memory consumption or PXF process crash) by sending docsIfMCmtsMib SNMP requests quickly, aka Bug ID CSCue65051.
network
low complexity
cisco CWE-399
6.8
2015-06-23 CVE-2015-4200 Resource Management Errors vulnerability in Cisco IOS 15.3(3)S/15.3S
Memory leak in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (memory consumption) by triggering an error during CPE negotiation, aka Bug ID CSCug00885.
network
low complexity
cisco CWE-399
7.8