Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-07-11 | CVE-2013-3418 | Resource Management Errors vulnerability in Cisco Unified Communications Domain Manager Cisco Unified Communications Domain Manager does not properly allocate memory for GET and POST requests, which allows remote authenticated users to cause a denial of service (memory consumption and process crash) via crafted requests to the management interface, aka Bug ID CSCud22922. | 6.8 |
2013-07-10 | CVE-2013-3416 | Cross-Site Scripting vulnerability in Cisco products Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 and CSCuh95997. | 4.3 |
2013-07-10 | CVE-2013-3408 | Permissions, Privileges, and Access Controls vulnerability in Cisco products The firmware on Cisco Virtualization Experience Client 6000 devices sets incorrect operating-system permissions, which allows local users to gain privileges via an unspecified sequence of commands, aka Bug ID CSCuc31764. | 6.8 |
2013-07-10 | CVE-2013-1132 | Cross-Site Scripting vulnerability in Cisco Unified Communications Domain Manager Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Communications Domain Manager allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) IptAccountMgmt, (2) IptFeatureConfigTemplateMgmt, (3) IptFeatureDisplayPolicyMgmt, or (4) IptProviderMgmt page, aka Bug IDs CSCud69972, CSCud70193, and CSCud70261. | 4.3 |
2013-07-10 | CVE-2013-3405 | Permissions, Privileges, and Access Controls vulnerability in Cisco Telepresence TC Software The web portal in TC software on Cisco TelePresence endpoints does not require an exact password match during a login attempt by a user who has not configured a password, which allows remote attackers to bypass authentication by sending an arbitrary password, aka Bug ID CSCud96071. | 4.3 |
2013-07-10 | CVE-2013-3400 | Improper Input Validation vulnerability in Cisco Nexus 1000V and Nx-Os The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824. | 6.8 |
2013-07-04 | CVE-2013-3413 | Cross-Site Scripting vulnerability in Cisco Identity Services Engine Software Cross-site scripting (XSS) vulnerability in the search form in the administration/monitoring panel on the Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh87036. | 4.3 |
2013-07-02 | CVE-2013-3401 | Security Bypass vulnerability in Cisco TelePresence TC Software The SIP implementation in Cisco TelePresence TC Software allows remote attackers to trigger unintended use of NOTIFY messages via unspecified vectors, aka Bug ID CSCud96080. network cisco | 4.3 |
2013-07-02 | CVE-2013-3399 | Buffer Errors vulnerability in Cisco Desktop Collaboration Experience Dx650 Buffer overflow in an unspecified Android API on the Cisco Desktop Collaboration Experience DX650 allows attackers to execute arbitrary code via vectors that leverage incorrect memory allocation, aka Bug IDs CSCuf93957, CSCug22352, and CSCug22462. | 6.6 |
2013-07-02 | CVE-2013-3395 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security Appliance (ESA) devices, and Content Security Management Appliance (SMA) devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuh70263, CSCuh70323, and CSCuh26634. | 6.8 |