Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-10-19 | CVE-2014-3408 | Cross-Site Scripting vulnerability in Cisco Prime Optical 10.0 Cross-site scripting (XSS) vulnerability in the web framework in Cisco Prime Optical 10 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq80763. | 6.8 |
2014-10-19 | CVE-2014-3406 | Race Condition vulnerability in Cisco Intrusion Prevention System Race condition in the IP logging feature in Cisco Intrusion Prevention System (IPS) Software 7.1(7)E4 and earlier allows remote attackers to cause a denial of service (device reload) via crafted IP traffic that matches a problematic rule, aka Bug ID CSCud82085. | 7.1 |
2014-10-19 | CVE-2014-3397 | Resource Management Errors vulnerability in Cisco Telepresence MCU Software The network stack in Cisco TelePresence MCU Software before 4.3(2.30) allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets, aka Bug ID CSCtz35468. | 7.8 |
2014-10-19 | CVE-2014-3381 | Permissions, Privileges, and Access Controls vulnerability in Cisco Asyncos The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the Cisco Email Security Appliance (ESA) does not properly analyze ZIP archives, which allows remote attackers to bypass malware filtering via a crafted archive, aka Bug ID CSCup07934. | 5.0 |
2014-10-19 | CVE-2014-3370 | Resource Management Errors vulnerability in Cisco products Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug IDs CSCum60442 and CSCum60447. | 7.1 |
2014-10-19 | CVE-2014-3369 | Resource Management Errors vulnerability in Cisco products The SIP IX implementation in Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allows remote attackers to cause a denial of service (device reload) via crafted SDP packets, aka Bug ID CSCuo42252. | 7.1 |
2014-10-19 | CVE-2014-3368 | Resource Management Errors vulnerability in Cisco products Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.2 allow remote attackers to cause a denial of service (device reload) via a high rate of crafted packets, aka Bug ID CSCui06507. | 7.8 |
2014-10-10 | CVE-2014-3402 | Improper Authentication vulnerability in Cisco Intrusion Prevention System The authentication-manager process in the web framework in Cisco Intrusion Prevention System (IPS) 7.0(8)E4 and earlier in Cisco Intrusion Detection System (IDS) does not properly manage user tokens, which allows remote attackers to cause a denial of service (temporary MainApp hang) via a crafted connection request to the management interface, aka Bug ID CSCuq39550. | 5.0 |
2014-10-10 | CVE-2014-3389 | Command Injection vulnerability in Cisco Adaptive Security Appliance (ASA) Software The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.6), and 9.3 before 9.3(1.1) does not properly implement a tunnel filter, which allows remote authenticated users to obtain failover-unit access via crafted packets, aka Bug ID CSCuq28582. | 9.0 |
2014-10-10 | CVE-2014-3388 | Resource Management Errors vulnerability in Cisco ASA 9.0/9.1/9.2 The DNS inspection engine in Cisco ASA Software 9.0 before 9.0(4.13), 9.1 before 9.1(5.7), and 9.2 before 9.2(2) allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCuo68327. | 7.8 |