Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-04-02 | CVE-2014-2138 | Improper Input Validation vulnerability in Cisco Security Manager CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349. | 4.3 |
| 2014-04-02 | CVE-2014-2137 | Improper Input Validation vulnerability in Cisco products CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002. | 4.3 |
| 2014-04-02 | CVE-2014-2125 | Cross-Site Scripting vulnerability in Cisco Unity Connection 8.6/8.6(1A)/8.6(2A) Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028. | 4.3 |
| 2014-03-29 | CVE-2014-2131 | Resource Management Errors vulnerability in Cisco IOS The packet driver in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a series of (1) Virtual Switching Systems (VSS) or (2) Bidirectional Forwarding Detection (BFD) packets, aka Bug IDs CSCug41049 and CSCue61890. | 6.1 |
| 2014-03-27 | CVE-2014-2118 | Cross-Site Scripting vulnerability in Cisco Prime Security Manager Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun50687. | 4.3 |
| 2014-03-27 | CVE-2014-2113 | Improper Input Validation vulnerability in Cisco IOS and IOS XE Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, and 3.10 before 3.10.2S allow remote attackers to cause a denial of service (I/O memory consumption and device reload) via a malformed IPv6 packet, aka Bug ID CSCui59540. | 7.8 |
| 2014-03-27 | CVE-2014-2112 | Improper Input Validation vulnerability in Cisco IOS The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357. | 7.8 |
| 2014-03-27 | CVE-2014-2111 | Improper Input Validation vulnerability in Cisco IOS The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCue00996. | 7.1 |
| 2014-03-27 | CVE-2014-2109 | Improper Input Validation vulnerability in Cisco IOS The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494. | 7.8 |
| 2014-03-27 | CVE-2014-2108 | Improper Input Validation vulnerability in Cisco IOS and IOS XE Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before 3.7.5S and 3.8 through 3.10 before 3.10.1S allow remote attackers to cause a denial of service (device reload) via a malformed IKEv2 packet, aka Bug ID CSCui88426. | 7.8 |