Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-09-06 | CVE-2013-1115 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Webex Advanced Recording Format Player Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ARF file, aka Bug IDs CSCue74118, CSCub28371, CSCud23401, and CSCud31109. | 9.3 |
| 2013-09-06 | CVE-2012-5990 | Cross-Site Scripting vulnerability in Cisco products Multiple cross-site scripting (XSS) vulnerabilities in Health Monitor Login pages in Cisco Prime Network Control System (NCS) and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud18375. | 4.3 |
| 2013-09-05 | CVE-2013-5471 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Global Site Selector Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Global Site Selector (GSS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh42164. | 6.8 |
| 2013-09-04 | CVE-2013-5470 | Improper Input Validation vulnerability in Cisco Secure Access Control System Cisco Secure Access Control System (ACS) does not properly handle requests to read from the TACACS+ socket, which allows remote attackers to cause a denial of service (process crash) via malformed TCP packets, aka Bug ID CSCuh12488. | 5.0 |
| 2013-09-04 | CVE-2013-3469 | Information Exposure vulnerability in Cisco Mobility Services Engine Cisco Mobility Services Engine does not properly set up the Oracle SSL service, which allows remote attackers to obtain an unauthenticated session to the database-replication port, and consequently obtain sensitive information, via an SSL connection, aka Bug ID CSCue50794. | 5.0 |
| 2013-08-30 | CVE-2013-5469 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS The TCP implementation in Cisco IOS does not properly implement the transitions from the ESTABLISHED state to the CLOSED state, which allows remote attackers to cause a denial of service (flood of ACK packets) via a crafted series of ACK and FIN packets, aka Bug ID CSCtz14399. | 7.1 |
| 2013-08-30 | CVE-2013-3474 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Wireless LAN Controller The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or Lobby Ambassador managers group, and sending a request that (1) lacks a parameter value or (2) contains a malformed parameter value, aka Bug IDs CSCuh14313, CSCuh14159, CSCuh14368, and CSCuh14436. | 6.3 |
| 2013-08-30 | CVE-2013-3470 | Improper Input Validation vulnerability in Cisco IOS XR The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731. | 5.0 |
| 2013-08-30 | CVE-2013-3467 | Resource Management Errors vulnerability in Cisco products Memory leak in the CLI component on Cisco Unified Computing System (UCS) 6100 Fabric Interconnect devices, in certain situations that lack a SPAN session, allows local users to cause a denial of service (memory consumption and device reset) via a (1) "show monitor session all" or (2) "show monitor session" command, aka Bug ID CSCug20103. | 4.6 |
| 2013-08-30 | CVE-2012-5744 | Cross-Site Scripting vulnerability in Cisco Identity Services Engine Software Multiple cross-site scripting (XSS) vulnerabilities in the guest portal in Cisco Identity Services Engine (ISE) Software allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCud11139 and CSCug02904. | 4.3 |