Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2015-12-12 | CVE-2015-6419 | Information Exposure vulnerability in Cisco Firesight System Software | Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410. | 6.8 |
2015-12-12 | CVE-2015-6408 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) | Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578. | 6.8 |
2015-12-12 | CVE-2015-6417 | Permissions, Privileges, and Access Controls vulnerability in Cisco Videoscape Distribution Suite Service Manager | Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CSCuv87025. | 6.5 |
2015-12-12 | CVE-2015-6395 | Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Service Catalog | Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID CSCuw48188. | 6.5 |
2015-12-05 | CVE-2015-6394 | Resource Management Errors vulnerability in Cisco Nx-Os 5.2(9)N1(1) | The kernel in Cisco NX-OS 5.2(9)N1(1) on Nexus 5000 devices allows local users to cause a denial of service (device crash) via crafted USB parameters, aka Bug ID CSCus89408. | 4.9 |
2015-12-05 | CVE-2015-6388 | Security Bypass vulnerability in Cisco Unified Computing System Central Software 1.3(0.1) | Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575. | 5.0 |
2015-12-05 | CVE-2015-6387 | Cross-site Scripting vulnerability in Cisco Unified Computing System Central Software 1.3(0.1) | Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573. | 4.3 |
2015-12-05 | CVE-2015-6384 | Permissions, Privileges, and Access Controls vulnerability in Cisco Webex Meetings 8.0Base | The Cisco WebEx Meetings application before 8.5.1 for Android improperly initializes custom application permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka Bug ID CSCuw86442. | 4.3 |
2015-12-03 | CVE-2015-6390 | Cross-site Scripting vulnerability in Cisco Unity Connection 9.1(1.10) | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unity Connection 9.1(1.10) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCup92741. | 4.3 |
2015-12-01 | CVE-2015-6386 | Resource Management Errors vulnerability in Cisco web Security Appliance 8.0.7142/8.5.1021 | The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8.0.7-142 and 8.5.1-021 allows remote attackers to cause a denial of service (CPU consumption) via FTP sessions in which the control connection is ended after data transfer, aka Bug ID CSCut94150. | 5.0 |