Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-05-25 | CVE-2016-1382 | Improper Input Validation vulnerability in Cisco web Security Appliance (Wsa) Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance (WSA) devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service (proxy-process reload) via a crafted request, aka Bug ID CSCuu02529. | 7.5 |
| 2016-05-25 | CVE-2016-1381 | Resource Management Errors vulnerability in Cisco web Security Appliance Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an HTTP file-range request for cached content, aka Bug ID CSCuw97270. | 7.5 |
| 2016-05-25 | CVE-2016-1380 | Improper Input Validation vulnerability in Cisco web Security Appliance Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (proxy-process hang) via a crafted HTTP POST request, aka Bug ID CSCuo12171. | 7.5 |
| 2016-05-21 | CVE-2016-1402 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Identity Services Engine Software 1.2.0.899 The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815. | 7.5 |
| 2016-05-14 | CVE-2016-1399 | Resource Management Errors vulnerability in Cisco IOS The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2, and 15.2(4)EA on Industrial Ethernet 4000 devices and 15.2(2)EB and 15.2(2)EB1 on Industrial Ethernet 5000 devices allows remote attackers to cause a denial of service (packet data corruption) via crafted IPv4 ICMP packets, aka Bug ID CSCuy13431. | 7.5 |
| 2016-05-12 | CVE-2016-1393 | SQL Injection vulnerability in Cisco Cloud Network Automation Provisioner 1.0/1.1 SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175. | 7.1 |
| 2016-05-05 | CVE-2016-1392 | Unspecified vulnerability in Cisco Prime Collaboration Assurance Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuu34121. | 7.4 |
| 2016-05-05 | CVE-2016-1373 | Unspecified vulnerability in Cisco Finesse The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623. | 8.6 |
| 2016-05-05 | CVE-2016-1369 | Resource Management Errors vulnerability in Cisco ASA With Firepower Services The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module for Cisco ASA with FirePOWER Services 5.3.1 through 6.0.0 misconfigures kernel logging, which allows remote attackers to cause a denial of service (resource consumption, and inspection outage or module outage) via a flood of crafted IP traffic, aka Bug ID CSCux19922. | 7.5 |
| 2016-05-05 | CVE-2016-1368 | Resource Management Errors vulnerability in Cisco Firesight System Software Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these appliances, allows remote attackers to cause a denial of service (packet-processing outage) via crafted packets, aka Bug ID CSCuu86214. | 7.5 |