Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2015-12-12	CVE-2015-6419	Information Exposure vulnerability in Cisco Firesight System Software Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410. network low complexity cisco CWE-200	6.8
2015-12-12	CVE-2015-6408	Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578. network cisco CWE-352	6.8
2015-12-12	CVE-2015-6417	Permissions, Privileges, and Access Controls vulnerability in Cisco Videoscape Distribution Suite Service Manager Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CSCuv87025. network low complexity cisco CWE-264	6.5
2015-12-12	CVE-2015-6395	Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Service Catalog Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID CSCuw48188. network low complexity cisco CWE-264	6.5
2015-12-05	CVE-2015-6394	Resource Management Errors vulnerability in Cisco Nx-Os 5.2(9)N1(1) The kernel in Cisco NX-OS 5.2(9)N1(1) on Nexus 5000 devices allows local users to cause a denial of service (device crash) via crafted USB parameters, aka Bug ID CSCus89408. local low complexity cisco CWE-399	4.9
2015-12-05	CVE-2015-6388	Security Bypass vulnerability in Cisco Unified Computing System Central Software 1.3(0.1) Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575. network low complexity cisco	5.0
2015-12-05	CVE-2015-6387	Cross-site Scripting vulnerability in Cisco Unified Computing System Central Software 1.3(0.1) Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573. network cisco CWE-79	4.3
2015-12-05	CVE-2015-6384	Permissions, Privileges, and Access Controls vulnerability in Cisco Webex Meetings 8.0Base The Cisco WebEx Meetings application before 8.5.1 for Android improperly initializes custom application permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka Bug ID CSCuw86442. network cisco CWE-264	4.3
2015-12-03	CVE-2015-6390	Cross-site Scripting vulnerability in Cisco Unity Connection 9.1(1.10) Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unity Connection 9.1(1.10) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCup92741. network cisco CWE-79	4.3
2015-12-01	CVE-2015-6386	Resource Management Errors vulnerability in Cisco web Security Appliance 8.0.7142/8.5.1021 The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8.0.7-142 and 8.5.1-021 allows remote attackers to cause a denial of service (CPU consumption) via FTP sessions in which the control connection is ended after data transfer, aka Bug ID CSCut94150. network low complexity cisco CWE-399	5.0