Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2014-11-07 CVE-2014-2179 Improper Input Validation vulnerability in Cisco products
The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998.
network
low complexity
cisco CWE-20
5.0
2014-11-07 CVE-2014-2178 Cross-Site Request Forgery (CSRF) vulnerability in Cisco products
Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145.
network
cisco CWE-352
6.8
2014-11-07 CVE-2014-2177 Code Injection vulnerability in Cisco products
The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126.
network
low complexity
cisco CWE-94
critical
9.0
2014-10-31 CVE-2014-3375 Cross-Site Scripting vulnerability in Cisco Unified Communications Manager
Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597.
network
cisco CWE-79
4.3
2014-10-31 CVE-2014-3374 Cross-Site Scripting vulnerability in Cisco Unified Communications Manager
Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582.
network
cisco CWE-79
4.3
2014-10-31 CVE-2014-3373 Cross-Site Scripting vulnerability in Cisco Unified Communications Manager
Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCup92550.
network
cisco CWE-79
4.3
2014-10-31 CVE-2014-3372 Cross-Site Scripting vulnerability in Cisco Unified Communications Manager
Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589.
network
cisco CWE-79
4.3
2014-10-31 CVE-2014-3366 SQL Injection vulnerability in Cisco Unified Communications Manager
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.
network
low complexity
cisco CWE-89
6.5
2014-10-28 CVE-2014-3293 Resource Management Errors vulnerability in Cisco ASR901 and IOS
Cisco IOS 15.4(3)S0b on ASR901 devices makes incorrect decisions to use the CPU for IPv4 packet processing, which allows remote attackers to cause a denial of service (BGP neighbor flapping) by sending many crafted IPv4 packets, aka Bug ID CSCuo29736.
network
low complexity
cisco CWE-399
5.0
2014-10-25 CVE-2014-3409 Resource Management Errors vulnerability in Cisco IOS XE
The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406.
low complexity
cisco CWE-399
6.1