Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-11-07 | CVE-2014-2179 | Improper Input Validation vulnerability in Cisco products The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998. | 5.0 |
2014-11-07 | CVE-2014-2178 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145. | 6.8 |
2014-11-07 | CVE-2014-2177 | Code Injection vulnerability in Cisco products The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126. | 9.0 |
2014-10-31 | CVE-2014-3375 | Cross-Site Scripting vulnerability in Cisco Unified Communications Manager Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597. | 4.3 |
2014-10-31 | CVE-2014-3374 | Cross-Site Scripting vulnerability in Cisco Unified Communications Manager Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582. | 4.3 |
2014-10-31 | CVE-2014-3373 | Cross-Site Scripting vulnerability in Cisco Unified Communications Manager Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCup92550. | 4.3 |
2014-10-31 | CVE-2014-3372 | Cross-Site Scripting vulnerability in Cisco Unified Communications Manager Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589. | 4.3 |
2014-10-31 | CVE-2014-3366 | SQL Injection vulnerability in Cisco Unified Communications Manager SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089. | 6.5 |
2014-10-28 | CVE-2014-3293 | Resource Management Errors vulnerability in Cisco Asr901 and IOS Cisco IOS 15.4(3)S0b on ASR901 devices makes incorrect decisions to use the CPU for IPv4 packet processing, which allows remote attackers to cause a denial of service (BGP neighbor flapping) by sending many crafted IPv4 packets, aka Bug ID CSCuo29736. | 5.0 |
2014-10-25 | CVE-2014-3409 | Resource Management Errors vulnerability in Cisco IOS XE The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406. | 6.1 |