Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-02-28 | CVE-2015-0655 | Cross-site Scripting vulnerability in Cisco Unified web and E-Mail Interaction Manager Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184. | 4.3 |
2015-02-27 | CVE-2015-0651 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Application Networking Manager Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo99753. | 6.8 |
2015-02-27 | CVE-2015-0632 | Race Condition vulnerability in Cisco IOS and IOS XE Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the local network, aka Bug ID CSCuo67770. | 5.7 |
2015-02-27 | CVE-2015-0594 | Cross-site Scripting vulnerability in Cisco Prime LAN Management Solution and Security Manager Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq54654 and CSCun18263. | 4.3 |
2015-02-26 | CVE-2015-0633 | Improper Input Validation vulnerability in Cisco Unified Computing System The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.4(7h) and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending crafted DHCP response packets on the local network, aka Bug ID CSCuf52876. | 6.8 |
2015-02-21 | CVE-2015-0631 | Race Condition vulnerability in Cisco IPS Sensor Software 7.2(1)E4/7.2(2)E4 Race condition in the SSL implementation on Cisco Intrusion Prevention System (IPS) devices allows remote attackers to cause a denial of service by making many management-interface HTTPS connections during the key-regeneration phase of an upgrade, aka Bug ID CSCui25688. | 7.1 |
2015-02-21 | CVE-2015-0624 | Improper Input Validation vulnerability in Cisco products The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639. | 4.3 |
2015-02-21 | CVE-2015-0618 | Data Processing Errors vulnerability in Cisco Carrier Routing System and IOS XR Cisco IOS XR 5.0.1 and 5.2.1 on Network Convergence System (NCS) 6000 devices and 5.1.3 and 5.1.4 on Carrier Routing System X (CRS-X) devices allows remote attackers to cause a denial of service (line-card reload) via malformed IPv6 packets with extension headers, aka Bug ID CSCuq95241. | 7.1 |
2015-02-20 | CVE-2015-0628 | Information Exposure vulnerability in Cisco web Security Appliance The proxy engine on Cisco Web Security Appliance (WSA) devices allows remote attackers to bypass intended proxying restrictions via a malformed HTTP method, aka Bug ID CSCus79174. | 5.0 |
2015-02-20 | CVE-2015-0584 | Improper Input Validation vulnerability in Cisco Desktop Collaboration Experience Dx650 The image-upgrade implementation on Cisco Desktop Collaboration Experience (aka Collaboration Desk Experience or DX) DX650 endpoints allows local users to execute arbitrary OS commands via an unspecified parameter, aka Bug ID CSCus38947. | 7.2 |