Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-12-24 | CVE-2014-7993 | Information Exposure vulnerability in Cisco products Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00302012. | 3.3 |
| 2014-12-23 | CVE-2014-8026 | Cross-Site Scripting vulnerability in Cisco Jabber Guest Cross-site scripting (XSS) vulnerability in the Guest Server in Cisco Jabber allows remote attackers to inject arbitrary web script or HTML via a (1) GET or (2) POST parameter, aka Bug ID CSCus08074. | 4.3 |
| 2014-12-23 | CVE-2014-8025 | Information Exposure vulnerability in Cisco Jabber Guest The API in the Guest Server in Cisco Jabber, when HTML5 is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST response, aka Bug ID CSCus19801. | 4.3 |
| 2014-12-23 | CVE-2014-8024 | Information Exposure vulnerability in Cisco Jabber Guest The API in the Guest Server in Cisco Jabber, when the HTML5 CORS feature is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST request, aka Bug ID CSCus19789. | 4.3 |
| 2014-12-22 | CVE-2014-8018 | Cross-Site Scripting vulnerability in Cisco Unified Communications Domain Manager 8.0 Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCur19651, CSCur18555, CSCur19630, and CSCur19661. | 4.3 |
| 2014-12-22 | CVE-2014-8017 | Information Exposure vulnerability in Cisco Identity Services Engine Software The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673. | 5.0 |
| 2014-12-22 | CVE-2014-8015 | Permissions, Privileges, and Access Controls vulnerability in Cisco Identity Services Engine Software The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's guest account via a modified HTTP request, aka Bug ID CSCur64400. | 4.0 |
| 2014-12-20 | CVE-2014-8019 | Path Traversal vulnerability in Cisco Enterprise Content Delivery System Directory traversal vulnerability in Cisco Enterprise Content Delivery System (ECDS) allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCuo90148. | 5.0 |
| 2014-12-20 | CVE-2014-8007 | Information Exposure vulnerability in Cisco Prime Infrastructure Cisco Prime Infrastructure allows remote authenticated users to read device-discovery passwords by examining the HTML source code of the Quick Discovery options page, aka Bug ID CSCum00019. | 4.0 |
| 2014-12-19 | CVE-2014-8016 | Resource Management Errors vulnerability in Cisco Ironport Email Security Appliances The Cisco IronPort Email Security Appliance (ESA) allows remote attackers to cause a denial of service (CPU consumption) via long Subject headers in e-mail messages, aka Bug ID CSCzv93864. | 5.0 |