Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-05 | CVE-2015-6432 | Resource Management Errors vulnerability in Cisco IOS XR Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service (device reload) via a crafted update, aka Bug ID CSCuw83486. | 5.0 |
| 2015-12-26 | CVE-2015-6409 | Information Exposure vulnerability in Cisco Jabber 10.6(2) Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks and trigger cleartext XMPP sessions via unspecified vectors, aka Bug ID CSCuw87419. | 4.3 |
| 2015-12-23 | CVE-2015-6431 | Resource Management Errors vulnerability in Cisco IOS XE 16.1.1 Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405. | 6.1 |
| 2015-12-19 | CVE-2015-6429 | Data Processing Errors vulnerability in Cisco IOS and IOS XE The IKEv1 state machine in Cisco IOS 15.4 through 15.6 and IOS XE 3.15 through 3.17 allows remote attackers to cause a denial of service (IPsec connection termination) via a crafted IKEv1 packet to a tunnel endpoint, aka Bug ID CSCuw08236. | 5.0 |
| 2015-12-18 | CVE-2015-6428 | Information Exposure vulnerability in Cisco Dpq3925 8X4 Docsis 3.0 Wireless Residential Gateway With Embedded Digital Voice Adapter R1Base Cisco DPQ3925 devices with EDVA r1 Base allow remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCuv03958. | 5.0 |
| 2015-12-18 | CVE-2015-6427 | 7PK - Security Features vulnerability in Cisco Firesight System Software Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437. | 5.0 |
| 2015-12-16 | CVE-2015-6425 | Resource Management Errors vulnerability in Cisco Unified Communications Manager 10.5(0.98000.88) The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786. | 5.0 |
| 2015-12-15 | CVE-2015-6411 | Information Exposure vulnerability in Cisco Firepower Management Center 5.4.1.3/6.0.0/6.0.1 Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by reading an unspecified field, aka Bug ID CSCux37061. | 5.0 |
| 2015-12-15 | CVE-2015-6404 | Information Exposure vulnerability in Cisco Hosted Collaboration Solution 10.6(3)Base Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests, aka Bug ID CSCuw84374. | 4.0 |
| 2015-12-15 | CVE-2015-6399 | Resource Management Errors vulnerability in Cisco Integrated Management Controller Supervisor 1.0.0.0/1.0.0.1 The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted parameters in an HTTP request, aka Bug ID CSCuv38286. | 6.8 |