Vulnerabilities > Cisco

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTRIBUTES | RISK |
|---|---|---|---|---|---|
| 2014-11-25 | CVE-2014-8001 | Buffer Errors vulnerability in Cisco Openh264 1.2.0 | Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. | network, low complexity, cisco, CWE-119 | 7.5 |
| 2014-11-21 | CVE-2014-8000 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1) | Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497. | network, low complexity, cisco, CWE-264 | 5.0 |
| 2014-11-18 | CVE-2014-7996 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Computing System | Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477. | network, cisco, CWE-352 | 6.8 |
| 2014-11-18 | CVE-2014-7992 | Information Exposure vulnerability in Cisco IOS | The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014. | network, low complexity, cisco, CWE-200 | 5.0 |
| 2014-11-15 | CVE-2014-7998 | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS | Cisco IOS on Aironet access points, when "dot11 aaa authenticator" debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509. | network, cisco, CWE-264 | 7.1 |
| 2014-11-15 | CVE-2014-7997 | Resource Management Errors vulnerability in Cisco IOS | The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by triggering a transition into a recovery state that was intended to involve a network-interface restart but actually involves a full device restart, aka Bug ID CSCtn16281. | low complexity, cisco, CWE-399 | 6.1 |
| 2014-11-14 | CVE-2014-7991 | Cryptographic Issues vulnerability in Cisco Unified Communications Manager | The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376. | network, cisco, CWE-310 | 4.3 |
| 2014-11-07 | CVE-2014-7990 | Improper Input Validation vulnerability in Cisco products | Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the "request system shell" challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815. | local, low complexity, cisco, CWE-20 | 6.8 |
| 2014-11-07 | CVE-2014-7989 | Improper Input Validation vulnerability in Cisco products | Cisco Unified Computing System on B-Series blade servers allows local users to gain shell privileges via a crafted (1) ping6 or (2) traceroute6 command, aka Bug ID CSCuq38176. | local, low complexity, cisco, CWE-20 | 6.8 |
| 2014-11-07 | CVE-2014-7988 | Information Exposure vulnerability in Cisco Unity Connection | The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and earlier allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCur06493. | network, low complexity, cisco, CWE-200 | 4.0 |