Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-30 | CVE-2016-1343 | XML External Entity Denial of Service vulnerability in Cisco Information Server 6.2Base The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059. | 6.4 |
| 2016-04-28 | CVE-2016-1389 | Open Redirection vulnerability in Cisco Webex Meetings Server 2.6.0 Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuy44695. network cisco | 4.3 |
| 2016-04-28 | CVE-2016-1386 | Permissions, Privileges, and Access Controls vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module 1.0.(1) The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521. | 5.0 |
| 2016-04-20 | CVE-2016-1384 | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS and IOS XE The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 through 3.17 allows remote attackers to modify the system time via crafted packets, aka Bug ID CSCux46898. | 5.0 |
| 2016-04-14 | CVE-2016-1378 | Information Exposure vulnerability in Cisco IOS Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attackers to obtain potentially sensitive software-version information via a request to the Network Mobility Services Protocol (NMSP) port, aka Bug ID CSCum62591. | 5.0 |
| 2016-04-12 | CVE-2016-1377 | Cross-site Scripting vulnerability in Cisco Unity Connection Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776. | 4.3 |
| 2016-04-12 | CVE-2016-1376 | Improper Input Validation vulnerability in Cisco IOS XR Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (CRC and symbol errors, and interface flap) via crafted bit patterns in packets, aka Bug ID CSCuv78548. | 5.0 |
| 2016-04-08 | CVE-2016-1375 | Cross-site Scripting vulnerability in Cisco IP Interoperability and Collaboration System 4.10 Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability and Collaboration System 4.10(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy12339. | 4.3 |
| 2016-04-06 | CVE-2016-1290 | Permissions, Privileges, and Access Controls vulnerability in Cisco products The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227. | 5.5 |
| 2016-04-01 | CVE-2016-1345 | Improper Input Validation vulnerability in Cisco products Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726. | 5.0 |