Vulnerabilities > Cisco > High

DATE | CVE | VULNERABILITY TITLE | RISK

2016-07-15 | CVE-2016-1450 | Improper Input Validation vulnerability in Cisco Webex Meetings Server 2.6.0/2.6.1.39 | 7.5
Cisco WebEx Meetings Server 2.6 allows remote authenticated users to conduct command-injection attacks via vectors related to an upload's file type, aka Bug ID CSCuy92715.
Vector: network | Complexity: high | Vendor: cisco | CWE-20

2016-07-15 | CVE-2016-1446 | SQL Injection vulnerability in Cisco Webex Meetings Server 2.6.0/2.6.1.39 | 8.8
SQL injection vulnerability in Cisco WebEx Meetings Server 2.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuy83200.
Vector: network | Complexity: low | Vendor: cisco | CWE-89

2016-07-15 | CVE-2016-1426 | Resource Management Errors vulnerability in Cisco IOS XR | 7.5
Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attackers to cause a denial of service (timer consumption and Route Processor reload) via crafted SSH traffic, aka Bug ID CSCux76819.
Vector: network | Complexity: low | Vendor: cisco | CWE-399

2016-07-07 | CVE-2016-1443 | 7PK - Security Features vulnerability in Cisco AMP Threat Grid Appliance | 8.1
The virtual network stack on Cisco AMP Threat Grid Appliance devices before 2.1.1 allows remote attackers to bypass a sandbox protection mechanism, and consequently obtain sensitive interprocess information or modify interprocess data, via a crafted malware sample.
Vector: network | Complexity: high | Vendor: cisco | CWE-254

2016-07-07 | CVE-2016-1442 | Improper Input Validation vulnerability in Cisco Prime Infrastructure 3.0/3.1 | 8.8
The administrative web interface in Cisco Prime Infrastructure (PI) before 3.1.1 allows remote authenticated users to execute arbitrary commands via crafted field values, aka Bug ID CSCuy96280.
Vector: network | Complexity: low | Vendor: cisco | CWE-20

2016-07-03 | CVE-2016-1337 | Information Exposure vulnerability in Cisco Epc3928 Firmware | 8.1
Cisco EPC3928 devices allow remote attackers to obtain sensitive configuration and credential information by making requests during the early part of the boot process, related to a "Boot Information Disclosure" issue, aka Bug ID CSCux17178.
Vector: network | Complexity: high | Vendor: cisco | CWE-200

2016-07-03 | CVE-2016-1336 | Improper Input Validation vulnerability in Cisco Epc3928 Firmware | 7.5
goform/Docsis_system on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long LanguageSelect parameter, related to a "Gateway HTTP Corruption Denial of Service" issue, aka Bug ID CSCuy28100.
Vector: network | Complexity: low | Vendor: cisco | CWE-20

2016-07-03 | CVE-2016-1328 | Improper Input Validation vulnerability in Cisco Epc3928 Firmware | 7.5
goform/WClientMACList on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long h_sortWireless parameter, related to a "Gateway Client List Denial of Service" issue, aka Bug ID CSCux24948.
Vector: network | Complexity: low | Vendor: cisco | CWE-20

2016-07-03 | CVE-2016-1441 | Improper Input Validation vulnerability in Cisco Cloud Network Automation Provisioner 1.0(0) | 8.2
Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET API calls, aka Bug ID CSCuy77145.
Vector: network | Complexity: low | Vendor: cisco | CWE-20

2016-07-03 | CVE-2016-1394 | Permissions, Privileges, and Access Controls vulnerability in Cisco Firesight System Software | 8.6
Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238.
Vector: network | Complexity: low | Vendor: cisco | CWE-264