Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2015-12-18 | CVE-2015-6428 | Information Exposure vulnerability in Cisco Dpq3925 8X4 Docsis 3.0 Wireless Residential Gateway With Embedded Digital Voice Adapter R1Base | Cisco DPQ3925 devices with EDVA r1 Base allow remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCuv03958. | 5.0 |
2015-12-18 | CVE-2015-6427 | 7PK - Security Features vulnerability in Cisco Firesight System Software | Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437. | 5.0 |
2015-12-16 | CVE-2015-6425 | Resource Management Errors vulnerability in Cisco Unified Communications Manager 10.5(0.98000.88) | The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786. | 5.0 |
2015-12-15 | CVE-2015-6411 | Information Exposure vulnerability in Cisco Firepower Management Center 5.4.1.3/6.0.0/6.0.1 | Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by reading an unspecified field, aka Bug ID CSCux37061. | 5.0 |
2015-12-15 | CVE-2015-6404 | Information Exposure vulnerability in Cisco Hosted Collaboration Solution 10.6(3)Base | Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests, aka Bug ID CSCuw84374. | 4.0 |
2015-12-15 | CVE-2015-6399 | Resource Management Errors vulnerability in Cisco Integrated Management Controller Supervisor 1.0.0.0/1.0.0.1 | The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted parameters in an HTTP request, aka Bug ID CSCuv38286. | 6.8 |
2015-12-15 | CVE-2015-6359 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service (memory consumption or device crash) via a flood of crafted ND messages, aka Bug ID CSCup28217. | 6.1 |
2015-12-15 | CVE-2015-4206 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager | Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266. | 4.3 |
2015-12-14 | CVE-2015-6422 | Resource Management Errors vulnerability in Cisco Unified Communications Domain Manager 10.6.1 | The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed requests, aka Bug ID CSCuu10981. | 4.0 |
2015-12-14 | CVE-2015-6416 | Cross-site Scripting vulnerability in Cisco Unified web and E-Mail Interaction Manager 11.0(1) | Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuw24479. | 4.3 |