Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-05-20 | CVE-2014-2194 | Improper Input Validation vulnerability in Cisco Unified web and E-Mail Interaction Manager 9.0(2) system/egain/chat/entrypoint in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to have an unspecified impact by injecting a spoofed XML external entity. | 6.8 |
| 2014-05-20 | CVE-2014-2193 | Improper Input Validation vulnerability in Cisco Unified web and E-Mail Interaction Manager Cisco Unified Web and E-Mail Interaction Manager places session identifiers in GET requests, which allows remote attackers to inject conversation text by obtaining a valid identifier, aka Bug ID CSCuj43084. | 4.3 |
| 2014-05-20 | CVE-2014-2192 | Cross-Site Scripting vulnerability in Cisco Unified web and E-Mail Interaction Manager 9.0(2) Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj43033. | 4.3 |
| 2014-05-20 | CVE-2013-6975 | Path Traversal vulnerability in Cisco Nx-Os Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217. | 4.6 |
| 2014-05-16 | CVE-2014-3263 | Improper Input Validation vulnerability in Cisco IOS 15.3(3)M/15.3M The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to cause a denial of service (device reload) via HTTPS packets that require tower processing, aka Bug ID CSCum97038. | 5.4 |
| 2014-05-16 | CVE-2014-3262 | Improper Input Validation vulnerability in Cisco IOS XE The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet drops) via malformed messages, aka Bug ID CSCun73782. | 4.3 |
| 2014-05-08 | CVE-2014-2136 | Buffer Errors vulnerability in Cisco products Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCui72223, CSCul01163, and CSCul01166. | 9.3 |
| 2014-05-08 | CVE-2014-2135 | Buffer Errors vulnerability in Cisco products Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCul87216 and CSCuj07603. | 9.3 |
| 2014-05-08 | CVE-2014-2134 | Buffer Errors vulnerability in Cisco products Heap-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio channel in a .wrf file, aka Bug ID CSCuc39458. | 9.3 |
| 2014-05-08 | CVE-2014-2133 | Buffer Errors vulnerability in Cisco products Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file that triggers improper LZW decompression, aka Bug ID CSCuj87565. | 9.3 |