Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-02-03 | CVE-2014-8013 | Improper Input Validation vulnerability in Cisco NX-OS: The TACACS+ command-authorization implementation in Cisco NX-OS allows local users to cause a denial of service (device reload) via a long CLI command, aka Bug ID CSCur54182. | 4.9 |
2015-02-02 | CVE-2015-0597 | Improper Input Validation vulnerability in Cisco Webex Meetings Server: The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to enumerate administrative accounts via crafted packets, aka Bug IDs CSCuj67166 and CSCuj67159. | 5.0 |
2015-02-02 | CVE-2015-0596 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Webex Meetings Server: Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj67163. | 6.8 |
2015-02-02 | CVE-2015-0595 | Information Exposure vulnerability in Cisco Webex Meetings Server: The XMLAPI in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading return messages from crafted GET requests, aka Bug ID CSCuj67079. | 5.0 |
2015-01-28 | CVE-2015-0586 | Resource Management Errors vulnerability in Cisco IOS: The Network-Based Application Recognition (NBAR) protocol implementation in Cisco IOS 15.3(100)M and earlier on Cisco 2900 Integrated Services Router (aka Cisco Internet Router) devices allows remote attackers to cause a denial of service (NBAR process hang) via IPv4 packets, aka Bug ID CSCuo73682. | 7.8 |
2015-01-28 | CVE-2015-0581 | XML External Entity Injection vulnerability in Cisco Prime Service Catalog 9.4.1Vortex: The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, as demonstrated by reading private keys, related to an XML External Entity (XXE) issue, aka Bug ID CSCup92880. | 7.5 |
2015-01-22 | CVE-2014-8008 | Information Exposure vulnerability in Cisco Unified Communications Manager: Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414. | 6.8 |
2015-01-17 | CVE-2015-0590 | Information Exposure vulnerability in Cisco Webex Meeting Center: Cisco WebEx Meeting Center allows remote attackers to activate disabled meeting attributes, and consequently obtain sensitive information, by providing crafted parameters during a meeting-join action, aka Bug ID CSCuo34165. | 5.0 |
2015-01-15 | CVE-2015-0591 | Resource Management Errors vulnerability in Cisco Unified Communications Domain Manager 10.0: Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to cause a denial of service (daemon hang and GUI outage) via a flood of malformed TCP packets, aka Bug ID CSCur44177. | 5.0 |
2015-01-15 | CVE-2015-0588 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager 10.0: Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055. | 6.8 |