Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-08 | CVE-2015-6433 | SQL Injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767. | 6.5 |
| 2015-12-26 | CVE-2015-6409 | Information Exposure vulnerability in Cisco Jabber 10.6(2) Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks and trigger cleartext XMPP sessions via unspecified vectors, aka Bug ID CSCuw87419. | 5.9 |
| 2015-12-23 | CVE-2015-6431 | Resource Management Errors vulnerability in Cisco IOS XE 16.1.1 Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405. | 6.5 |
| 2014-03-19 | CVE-2014-2120 | Cross-site Scripting vulnerability in Cisco Adaptive Security Appliance Software Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025. | 6.1 |
| 2012-08-06 | CVE-2012-1342 | Incorrect Authorization vulnerability in Cisco Carrier Routing System 3.9.0/4.0.0/4.1.0 Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote attackers to bypass ACL entries via fragmented packets, aka Bug ID CSCtj10975. | 5.8 |
| 2007-09-10 | CVE-2007-4786 | Cleartext Transmission of Sensitive Information vulnerability in Cisco Adaptive Security Appliance Software Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent attackers to obtain sensitive information. | 5.3 |
| 2004-12-31 | CVE-2004-1464 | Unspecified vulnerability in Cisco IOS Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port. | 5.9 |