Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-02-12 | CVE-2015-0610 | Race Condition vulnerability in Cisco IOS Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCun21071. | 4.3 |
| 2015-02-12 | CVE-2015-0608 | Race Condition vulnerability in Cisco IOS Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCul48736. | 7.1 |
| 2015-02-12 | CVE-2015-0606 | Improper Input Validation vulnerability in Cisco IOS The IOS Shell in Cisco IOS allows local users to cause a denial of service (device crash) via unspecified commands, aka Bug ID CSCur59696. | 4.9 |
| 2015-02-12 | CVE-2015-0592 | Resource Management Errors vulnerability in Cisco IOS The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers incorrect kernel-timer handling, aka Bug ID CSCuh25672. | 7.8 |
| 2015-02-12 | CVE-2015-0580 | SQL Injection vulnerability in Cisco Secure Access Control System Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027. | 6.5 |
| 2015-02-12 | CVE-2014-3365 | Cross-site Scripting vulnerability in Cisco Prime Security Manager Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via crafted input to the (1) Dashboard or (2) Configure Realm page, aka Bug ID CSCuo94808. | 4.3 |
| 2015-02-12 | CVE-2014-2153 | Cross-site Scripting vulnerability in Cisco Prime Infrastructure Multiple cross-site scripting (XSS) vulnerabilities in INSERT pages in Cisco Prime Infrastructure allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun21869. | 4.3 |
| 2015-02-12 | CVE-2014-2152 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Infrastructure Cross-site request forgery (CSRF) vulnerability in the INSERT page in Cisco Prime Infrastructure (PI) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun21868. | 6.8 |
| 2015-02-12 | CVE-2014-2147 | Improper Input Validation vulnerability in Cisco Prime Infrastructure The web interface in Cisco Prime Infrastructure 2.1 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuj42444. | 4.3 |
| 2015-02-07 | CVE-2015-0602 | Information Exposure vulnerability in Cisco Unified IP Phones 9900 Series Firmware 9.3(2) The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to obtain sensitive information by sniffing the network, aka Bug ID CSCuq12117. | 5.0 |