Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-01-10 | CVE-2013-6974 | Cross-Site Scripting vulnerability in Cisco Secure Access Control System Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud89431. | 4.3 |
2014-01-08 | CVE-2014-0657 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Manager The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540. | 4.0 |
2014-01-08 | CVE-2014-0656 | Improper Input Validation vulnerability in Cisco Context Directory Agent Cisco Context Directory Agent (CDA) allows remote authenticated users to trigger the omission of certain user-interface data via crafted field values, aka Bug ID CSCuj45353. | 4.0 |
2014-01-08 | CVE-2014-0655 | Improper Input Validation vulnerability in Cisco Adaptive Security Appliance The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization (CoA) messages, aka Bug ID CSCuj45332. | 4.3 |
2014-01-08 | CVE-2014-0654 | Improper Input Validation vulnerability in Cisco Context Directory Agent Cisco Context Directory Agent (CDA) allows remote attackers to modify the cache via a replay attack involving crafted RADIUS accounting messages, aka Bug ID CSCuj45383. | 4.3 |
2014-01-08 | CVE-2014-0653 | Improper Input Validation vulnerability in Cisco Adaptive Security Appliance The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340. | 4.3 |
2014-01-08 | CVE-2014-0652 | Cross-Site Scripting vulnerability in Cisco Context Directory Agent Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco Context Directory Agent (CDA) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuj45358. | 4.3 |
2014-01-08 | CVE-2014-0651 | Permissions, Privileges, and Access Controls vulnerability in Cisco Context Directory Agent The administrative interface in Cisco Context Directory Agent (CDA) does not properly enforce authorization requirements, which allows remote authenticated users to obtain administrative access by hijacking a session, aka Bug ID CSCuj45347. | 4.9 |
2014-01-08 | CVE-2013-6982 | Improper Input Validation vulnerability in Cisco Nx-Os The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote attackers to cause a denial of service (peer reset) via a crafted message, aka Bug ID CSCuj03174. | 4.3 |
2013-12-31 | CVE-2013-6983 | SQL Injection vulnerability in Cisco Unified Presence Server SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615. | 6.5 |