Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-09-06 | CVE-2013-1119 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Webex Recording Format Player Buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DHT index value in JPEG data within a WRF file, aka Bug ID CSCuc24503. | 9.3 |
| 2013-09-06 | CVE-2013-1118 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Webex Recording Format Player Stack-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCuc27645. | 9.3 |
| 2013-09-06 | CVE-2013-1117 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Webex Recording Format Player Buffer overflow in the exception handler in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file, aka Bug ID CSCuc27639. | 9.3 |
| 2013-09-06 | CVE-2013-1116 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Webex Advanced Recording Format Player Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted ARF file, aka Bug IDs CSCue74147 and CSCub28383. | 9.3 |
| 2013-09-06 | CVE-2013-1115 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Webex Advanced Recording Format Player Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ARF file, aka Bug IDs CSCue74118, CSCub28371, CSCud23401, and CSCud31109. | 9.3 |
| 2013-09-06 | CVE-2012-5990 | Cross-Site Scripting vulnerability in Cisco products Multiple cross-site scripting (XSS) vulnerabilities in Health Monitor Login pages in Cisco Prime Network Control System (NCS) and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud18375. | 4.3 |
| 2013-09-05 | CVE-2013-5471 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Global Site Selector Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Global Site Selector (GSS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh42164. | 6.8 |
| 2013-09-04 | CVE-2013-5470 | Improper Input Validation vulnerability in Cisco Secure Access Control System Cisco Secure Access Control System (ACS) does not properly handle requests to read from the TACACS+ socket, which allows remote attackers to cause a denial of service (process crash) via malformed TCP packets, aka Bug ID CSCuh12488. | 5.0 |
| 2013-09-04 | CVE-2013-3469 | Information Exposure vulnerability in Cisco Mobility Services Engine Cisco Mobility Services Engine does not properly set up the Oracle SSL service, which allows remote attackers to obtain an unauthenticated session to the database-replication port, and consequently obtain sensitive information, via an SSL connection, aka Bug ID CSCue50794. | 5.0 |
| 2013-08-30 | CVE-2013-5469 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS The TCP implementation in Cisco IOS does not properly implement the transitions from the ESTABLISHED state to the CLOSED state, which allows remote attackers to cause a denial of service (flood of ACK packets) via a crafted series of ACK and FIN packets, aka Bug ID CSCtz14399. | 7.1 |