Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-05-29 | CVE-2016-1404 | Information Exposure vulnerability in Cisco UCS Invicta C3124Sa Appliance Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic to an Autosupport server and leveraging knowledge of this key from another installation, aka Bug ID CSCur85504. | 5.0 |
| 2016-05-28 | CVE-2016-1413 | Code Injection vulnerability in Cisco Firepower Management Center The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517. | 4.0 |
| 2016-05-28 | CVE-2016-1410 | Information Exposure vulnerability in Cisco Webex Meeting Center Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312. | 5.0 |
| 2016-05-28 | CVE-2016-1379 | Resource Management Errors vulnerability in Cisco Adaptive Security Appliance Software Cisco Adaptive Security Appliance (ASA) Software 9.0 through 9.5.1 mishandles IPsec error processing, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted (1) LAN-to-LAN or (2) Remote Access VPN tunnel packets, aka Bug ID CSCuv70576. | 6.5 |
| 2016-05-26 | CVE-2016-1385 | Resource Management Errors vulnerability in Cisco Adaptive Security Appliance Software The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9.5.2 allows remote authenticated users to cause a denial of service (instability, memory consumption, or device reload) by leveraging (1) administrative access or (2) Clientless SSL VPN access to provide a crafted XML document, aka Bug ID CSCut14209. | 6.5 |
| 2016-05-25 | CVE-2016-1407 | Improper Input Validation vulnerability in Cisco IOS XR Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services (LPTS) flow-base entries, which allows remote attackers to cause a denial of service (session drop) by making many connection attempts to open TCP ports, aka Bug ID CSCux95576. | 5.0 |
| 2016-05-25 | CVE-2016-1406 | Improper Access Control vulnerability in Cisco products The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409. | 6.5 |
| 2016-05-25 | CVE-2016-1400 | Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7.2 allows remote attackers to cause a denial of service (service disruption) via a crafted URI in a SIP header, aka Bug ID CSCuy43258. | 5.0 |
| 2016-05-21 | CVE-2016-1402 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Identity Services Engine Software 1.2.0.899 The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815. | 5.0 |
| 2016-05-21 | CVE-2016-1401 | Cross-site Scripting vulnerability in Cisco Unified Computing System Central Software 1.4(1A) Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250. | 4.3 |