Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-03 | CVE-2016-1415 | Resource Management Errors vulnerability in Cisco Webex WRF Player T29 Sp10Base Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455. | 4.3 |
| 2016-09-02 | CVE-2016-6376 | Resource Management Errors vulnerability in Cisco products The Adaptive Wireless Intrusion Prevention System (wIPS) feature on Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device restart) via a malformed wIPS packet, aka Bug ID CSCuz40263. | 6.1 |
| 2016-09-02 | CVE-2016-1472 | Improper Input Validation vulnerability in Cisco Small Business 220 Series Smart Plus Switches 1.0.0.17/1.0.0.18/1.0.0.19 The web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to cause a denial of service (interface outage) via a crafted HTTP request, aka Bug ID CSCuz76238. | 5.0 |
| 2016-09-02 | CVE-2016-1471 | Cross-site Scripting vulnerability in Cisco Small Business 220 Series Smart Plus Switches 1.0.0.17/1.0.0.18/1.0.0.19 Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz76232. | 4.3 |
| 2016-09-02 | CVE-2016-1470 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Small Business 220 Series Smart Plus Switches 1.0.0.17/1.0.0.18/1.0.0.19 Cross-site request forgery (CSRF) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuz76230. | 6.8 |
| 2016-08-23 | CVE-2016-6365 | Cross-site Scripting vulnerability in Cisco Firepower Management Center Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCur25508 and CSCur25518. | 4.3 |
| 2016-08-23 | CVE-2016-6364 | Information Exposure vulnerability in Cisco Unified Communications Manager 11.5.0 The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855. | 5.0 |
| 2016-08-23 | CVE-2016-1484 | Improper Input Validation vulnerability in Cisco Webex Meetings Server 2.6.0/2.6.1.39 Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass intended access restrictions and obtain sensitive application information via unspecified vectors, aka Bug ID CSCuy92724. | 5.0 |
| 2016-08-23 | CVE-2016-1477 | Information Exposure vulnerability in Cisco Connected Streaming Analytics 1.1.1Base Cisco Connected Streaming Analytics 1.1.1 allows remote authenticated users to discover a notification service password by reading administrative pages, aka Bug ID CSCuz92891. | 4.0 |
| 2016-08-22 | CVE-2016-6363 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Aironet Access Point Software The rate-limit feature in the 802.11 protocol implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via crafted 802.11 frames, aka Bug ID CSCva06192. | 6.1 |