Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-28 | CVE-2016-1423 | Cross-site Scripting vulnerability in Cisco Email Security Appliance A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. | 6.1 |
| 2016-10-27 | CVE-2016-6440 | Improper Input Validation vulnerability in Cisco Unified Communications Manager 11.5(0.99838.4) The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. | 6.5 |
| 2016-10-27 | CVE-2016-6438 | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XE A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line configuration on an affected device. | 5.9 |
| 2016-10-27 | CVE-2016-6437 | Resource Management Errors vulnerability in Cisco Wide Area Application Services A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of disk space. | 5.9 |
| 2016-10-06 | CVE-2016-6436 | Cross-site Scripting vulnerability in Cisco Hostscan Engine Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz14682. | 6.1 |
| 2016-10-06 | CVE-2016-6435 | Information Exposure vulnerability in Cisco Secure Firewall Management Center 6.0.1 The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376. | 6.5 |
| 2016-10-06 | CVE-2016-6425 | Cross-site Scripting vulnerability in Cisco products Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652. | 6.1 |
| 2016-10-06 | CVE-2016-6424 | Resource Management Errors vulnerability in Cisco Adaptive Security Appliance Software 8.4.7.29/9.1(7)4 The DHCP Relay implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4.7.29 and 9.1.7.4 allows remote attackers to cause a denial of service (interface wedge) via a crafted rate of DHCP packet transmission, aka Bug ID CSCuy66942. | 6.5 |
| 2016-10-06 | CVE-2016-1454 | Improper Input Validation vulnerability in Cisco Nx-Os Cisco NX-OS 4.0 through 7.3 and 11.0 through 11.2 on 1000v, 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device reload) by leveraging a peer relationship to send a crafted BGP UPDATE message, aka Bug IDs CSCuq77105 and CSCux11417. | 6.5 |
| 2016-10-05 | CVE-2016-6423 | Resource Management Errors vulnerability in Cisco IOS 15.5(3)M The IKEv2 client and initiator implementations in Cisco IOS 15.5(3)M and IOS XE allow remote IKEv2 servers to cause a denial of service (device reload) via crafted IKEv2 packets, aka Bug ID CSCux97540. | 6.5 |