Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-08-11 | CVE-2014-3330 | Permissions, Privileges, and Access Controls vulnerability in Cisco Nexus 9000 and Nx-Os Cisco NX-OS 6.1(2)I2(1) on Nexus 9000 switches does not properly process packet-drop policy checks for logged packets, which allows remote attackers to bypass intended access restrictions via a flood of packets matching a policy that contains the log keyword, aka Bug ID CSCuo02489. | 5.0 |
2014-08-11 | CVE-2014-3327 | Improper Input Validation vulnerability in Cisco IOS and IOS XE The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.2.xXO, 3.3.xSG, 3.4.xSG, and 3.5.xE before 3.5.3E allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCup52101. | 7.8 |
2014-08-11 | CVE-2014-3336 | SQL Injection vulnerability in Cisco Unity Connection 9.1(1)/9.1(2) SQL injection vulnerability in the web framework in Cisco Unity Connection 9.1(2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted request, aka Bug ID CSCuq31016. | 6.5 |
2014-08-11 | CVE-2014-3333 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unity Connection 9.1(1)/9.1(2) The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files within the context of the web-server user account, aka Bug ID CSCup41014. | 9.0 |
2014-08-11 | CVE-2014-3332 | Unspecified vulnerability in Cisco Unified Communications Manager Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029. | 4.0 |
2014-08-01 | CVE-2014-3302 | Cryptographic Issues vulnerability in Cisco Webex Meetings Server user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708. | 5.8 |
2014-07-29 | CVE-2014-3329 | Cross-Site Scripting vulnerability in Cisco Prime Data Center Network Manager Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Network Manager (DCNM) 6.3(2) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum86620. | 4.3 |
2014-07-28 | CVE-2014-3304 | Information Exposure vulnerability in Cisco Webex Meetings Server The OutlookAction Class in Cisco WebEx Meetings Server allows remote attackers to enumerate user accounts by entering crafted URLs and examining the returned messages, aka Bug ID CSCuj81722. | 5.0 |
2014-07-28 | CVE-2014-3303 | Information Exposure vulnerability in Cisco Webex Meetings Server The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81713. | 4.0 |
2014-07-26 | CVE-2014-3328 | Resource Exhaustion vulnerability in Cisco Unified Presence Server The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125. | 5.0 |