Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-04-12 | CVE-2014-2140 | Denial of Service vulnerability in Cisco ONS 15454 System Software and ONS 15454 Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (card reset) via a TCP FIN attack that triggers file-descriptor exhaustion and a failure to open a CAL pipe, aka Bug ID CSCug97348. | 5.0 |
| 2014-04-12 | CVE-2014-2139 | Denial of Service vulnerability in Cisco ONS 15454 System Software and ONS 15454 Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (flash write outage) via a TCP FIN attack that triggers file-descriptor exhaustion, aka Bug ID CSCug97315. | 5.0 |
| 2014-04-10 | CVE-2014-2141 | Buffer Errors vulnerability in Cisco ONS 15454 System Software and ONS 15454 The session-termination functionality on Cisco ONS 15454 controller cards with software 9.6 and earlier does not initialize an unspecified pointer, which allows remote authenticated users to cause a denial of service (card reset) via crafted session-close actions, aka Bug ID CSCug97416. | 4.0 |
| 2014-04-05 | CVE-2014-2145 | Path Traversal vulnerability in Cisco Unity Connection Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wav files and the audio/x-wav MIME type, aka Bug ID CSCun91071. | 4.0 |
| 2014-04-05 | CVE-2014-2144 | Improper Input Validation vulnerability in Cisco IOS XR Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CSCum14266. | 6.1 |
| 2014-04-04 | CVE-2014-2143 | Denial of Service vulnerability in Cisco IOS XE The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID CSCun31021. | 5.0 |
| 2014-04-04 | CVE-2014-2117 | Improper Input Validation vulnerability in Cisco Emergency Responder 1.1 Multiple open redirect vulnerabilities in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters, aka Bug ID CSCun37909. | 4.3 |
| 2014-04-04 | CVE-2014-2116 | Improper Input Validation vulnerability in Cisco Emergency Responder 1.1 Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject web pages and modify dynamic content via unspecified parameters, aka Bug ID CSCun37882. | 4.3 |
| 2014-04-04 | CVE-2014-2115 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Emergency Responder 1.1 Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun24250. | 6.8 |
| 2014-04-04 | CVE-2014-2114 | Cross-Site Scripting vulnerability in Cisco Emergency Responder 1.1 Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384. | 4.3 |