Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-15 | CVE-2016-1449 | Cross-site Scripting vulnerability in Cisco Webex Meetings Server 2.6.0/2.6.1.39 Cross-site scripting (XSS) vulnerability in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy92711. | 4.3 |
| 2016-07-15 | CVE-2016-1447 | Cross-site Scripting vulnerability in Cisco Webex Meetings Server 2.6.0/2.6.1.39 Cross-site scripting (XSS) vulnerability in the administrator interface in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuy83194. | 4.3 |
| 2016-07-15 | CVE-2016-1446 | SQL Injection vulnerability in Cisco Webex Meetings Server 2.6.0/2.6.1.39 SQL injection vulnerability in Cisco WebEx Meetings Server 2.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuy83200. | 6.5 |
| 2016-07-12 | CVE-2016-1445 | Unspecified vulnerability in Cisco Adaptive Security Appliance Software Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 allows remote attackers to bypass intended ICMP Echo Reply ACLs via vectors related to subtypes. | 5.3 |
| 2016-07-07 | CVE-2016-1444 | Improper Input Validation vulnerability in Cisco products The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601. | 5.8 |
| 2016-07-07 | CVE-2016-1443 | 7PK - Security Features vulnerability in Cisco AMP Threat Grid Appliance The virtual network stack on Cisco AMP Threat Grid Appliance devices before 2.1.1 allows remote attackers to bypass a sandbox protection mechanism, and consequently obtain sensitive interprocess information or modify interprocess data, via a crafted malware sample. | 6.8 |
| 2016-07-03 | CVE-2016-1425 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS Cisco IOS 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, and 15.4(1.13)S allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun66735. | 6.1 |
| 2016-07-03 | CVE-2016-1398 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware through 1.2.1.4, RV130W devices with firmware through 1.0.2.7, and RV215W devices with firmware through 1.3.0.7 allows remote authenticated users to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCux86669. | 6.8 |
| 2016-07-03 | CVE-2016-1441 | Improper Input Validation vulnerability in Cisco Cloud Network Automation Provisioner 1.0(0) Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET API calls, aka Bug ID CSCuy77145. | 6.4 |
| 2016-07-02 | CVE-2016-1440 | Resource Management Errors vulnerability in Cisco web Security Appliance The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote attackers to cause a denial of service (CPU consumption) by establishing an FTP session and then improperly terminating the control connection after a file transfer, aka Bug ID CSCuy43468. | 5.0 |