Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-10-13 | CVE-2012-4107 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Computing System The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted parameters to a file-related command, aka Bug ID CSCtq86489. | 4.6 |
2013-10-13 | CVE-2012-4106 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Computing System The fabric-interconnect component in Cisco Unified Computing System (UCS) uses the same privilege level for execution of every script, which allows local users to gain privileges and execute arbitrary commands via an unspecified script-execution approach, aka Bug ID CSCtq86477. | 6.8 |
2013-10-13 | CVE-2012-4105 | Improper Input Validation vulnerability in Cisco Unified Computing System The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (component crash) via crafted "debug hardware" parameters, aka Bug ID CSCtq86468. | 4.6 |
2013-10-11 | CVE-2013-5533 | Improper Input Validation vulnerability in Cisco products The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334. | 6.0 |
2013-10-11 | CVE-2013-5532 | Improper Input Validation vulnerability in Cisco products Buffer overflow in the web-application interface on Cisco 9900 IP phones allows remote attackers to cause a denial of service (webapp interface outage) via long values in unspecified fields, aka Bug ID CSCuh10343. | 5.0 |
2013-10-11 | CVE-2013-5528 | Path Traversal vulnerability in Cisco Unified Communications Manager Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815. | 4.0 |
2013-10-10 | CVE-2013-5527 | Improper Input Validation vulnerability in Cisco IOS and IOS XE The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030. | 5.7 |
2013-10-10 | CVE-2013-5526 | Improper Input Validation vulnerability in Cisco Unified IP Phone 9951 and Unified IP Phone 9971 Cisco 9900 fourth-generation IP phones do not properly perform SDP negotiation, which allows remote attackers to cause a denial of service (device reboot) via crafted SDP packets, aka Bug ID CSCuf06698. | 7.1 |
2013-10-10 | CVE-2013-5525 | SQL Injection vulnerability in Cisco Identity Services Engine Software SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCug90502. | 6.5 |
2013-10-10 | CVE-2013-5524 | Cross-Site Scripting vulnerability in Cisco Identity Services Engine Software Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCug77655. | 4.3 |