Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-03 | CVE-2016-1425 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS Cisco IOS 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, and 15.4(1.13)S allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun66735. | 6.5 |
| 2016-07-03 | CVE-2016-1398 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware through 1.2.1.4, RV130W devices with firmware through 1.0.2.7, and RV215W devices with firmware through 1.3.0.7 allows remote authenticated users to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCux86669. | 6.5 |
| 2016-07-02 | CVE-2016-1440 | Resource Management Errors vulnerability in Cisco web Security Appliance The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote attackers to cause a denial of service (CPU consumption) by establishing an FTP session and then improperly terminating the control connection after a file transfer, aka Bug ID CSCuy43468. | 5.3 |
| 2016-06-23 | CVE-2016-1439 | Cross-site Scripting vulnerability in Cisco Unified Contact Center Enterprise Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center Enterprise through 10.5(2) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux59650. | 6.1 |
| 2016-06-23 | CVE-2016-1437 | SQL Injection vulnerability in Cisco Prime Collaboration Deployment SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy92549. | 6.5 |
| 2016-06-23 | CVE-2016-1434 | Improper Input Validation vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(1) The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010. | 6.5 |
| 2016-06-23 | CVE-2016-1428 | Unspecified vulnerability in Cisco IOS XE 3.15.0S/3.16.0S/3.17.0S Double free vulnerability in Cisco IOS XE 3.15S, 3.16S, and 3.17S allows remote authenticated users to cause a denial of service (device restart) via a sequence of crafted SNMP read requests, aka Bug ID CSCux13174. | 6.5 |
| 2016-06-19 | CVE-2016-1424 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS 15.2(1)T1.11/15.2(2)Tst Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun63132. | 6.5 |
| 2016-06-19 | CVE-2016-1397 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523. | 6.5 |
| 2016-06-19 | CVE-2016-1396 | Cross-site Scripting vulnerability in Cisco products Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583. | 6.1 |