Vulnerabilities > Cisco > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2016-08-23 | CVE-2016-6365 | Cross-site Scripting vulnerability in Cisco Secure Firewall Management Center | network, low complexity, cisco CWE-79, 6.1
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCur25508 and CSCur25518.

2016-08-23 | CVE-2016-1477 | Information Exposure vulnerability in Cisco Connected Streaming Analytics 1.1.1Base | network, low complexity, cisco CWE-200, 6.5
Cisco Connected Streaming Analytics 1.1.1 allows remote authenticated users to discover a notification service password by reading administrative pages, aka Bug ID CSCuz92891.

2016-08-22 | CVE-2016-6363 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Aironet Access Point Software | low complexity, cisco CWE-119, 6.5
The rate-limit feature in the 802.11 protocol implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via crafted 802.11 frames, aka Bug ID CSCva06192.

2016-08-22 | CVE-2016-6361 | Improper Input Validation vulnerability in Cisco Aironet Access Point Software | low complexity, cisco CWE-20, 6.5
The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via a crafted AMPDU header, aka Bug ID CSCuz56288.

2016-08-22 | CVE-2016-6359 | Cross-site Scripting vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0) | network, low complexity, cisco CWE-79, 6.1
Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0) on Smart Call Home Transport Gateway devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug IDs CSCva40650 and CSCva40817.

2016-08-22 | CVE-2016-1485 | Cross-site Scripting vulnerability in Cisco Identity Services Engine Software 1.3(0.876) | network, low complexity, cisco CWE-79, 6.1
Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876) allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva46497.

2016-08-22 | CVE-2016-1476 | Cross-site Scripting vulnerability in Cisco IP Phone 8800 Series Firmware 11.0Base | network, low complexity, cisco CWE-79, 5.4
Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024.

2016-08-08 | CVE-2016-1474 | Improper Access Control vulnerability in Cisco Prime Infrastructure 2.2(2) | network, low complexity, cisco CWE-284, 4.3
Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuw65846, a different vulnerability than CVE-2015-6434.

2016-07-28 | CVE-2016-1467 | Resource Management Errors vulnerability in Cisco Videoscape Session Resource Manager | low complexity, cisco CWE-399, 6.5
Cisco Videoscape Session Resource Manager (VSRM) allows remote attackers to cause a denial of service (device restart) by sending a traffic flood to upstream devices, aka Bug ID CSCva01813.

2016-07-28 | CVE-2016-1465 | Resource Management Errors vulnerability in Cisco Nx-Os | low complexity, cisco CWE-399, 6.5
Cisco Nexus 1000v Application Virtual Switch (AVS) devices before 5.2(1)SV3(1.5i) allow remote attackers to cause a denial of service (ESXi hypervisor crash and purple screen) via a crafted Cisco Discovery Protocol packet that triggers an out-of-bounds memory access, aka Bug ID CSCuw57985.