Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK

2015-11-18 CVE-2015-6330 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5.1/10.6.0
Cross-site request forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5(1) and 10.6 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus62712.
network
cisco CWE-352
6.8

2015-11-14 CVE-2015-6365 Improper Input Validation vulnerability in Cisco IOS 15.2(4)M/15.4(3)M
Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportunistic circumstances by using PPP, aka Bug ID CSCur61303.
network
low complexity
cisco CWE-20
4.0

2015-11-14 CVE-2015-6364 Information Exposure vulnerability in Cisco Videoscape Distribution Suite Service Manager 3.0.0/3.1.0/3.2.0
Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager allows remote attackers to obtain sensitive information via crafted URLs in REST API requests, aka Bug ID CSCuv86960.
network
low complexity
cisco CWE-200
5.0

2015-11-13 CVE-2015-6366 Improper Access Control vulnerability in Cisco IOS 15.2(4)M6/15.4(3)S
Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs supersede tunnel-interface ACLs, which allows remote attackers to bypass intended network-traffic restrictions in opportunistic circumstances by using a tunnel, aka Bug ID CSCur01042.
network
low complexity
cisco CWE-284
5.0

2015-11-10 CVE-2015-6362 Permissions, Privileges, and Access Controls vulnerability in Cisco Connected Grid Network Management System 3.0(0.35)/3.0(0.54)
The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640.
network
low complexity
cisco CWE-264
4.0

2015-11-06 CVE-2015-6316 Credentials Management vulnerability in Cisco Mobility Services Engine
The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by entering this account's hardcoded password in an SSH session, aka Bug ID CSCuv40501.
network
low complexity
cisco CWE-255
6.5

2015-11-06 CVE-2015-4282 Permissions, Privileges, and Access Controls vulnerability in Cisco Mobility Services Engine
Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID CSCuv40504.
local
cisco CWE-264
6.9

2015-11-04 CVE-2015-6356 Cross-site Scripting vulnerability in Cisco Socialminer 10.0(1)
Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuw60212.
network
cisco CWE-79
4.3

2015-11-04 CVE-2015-6355 Information Exposure vulnerability in Cisco Unified Computing System 2.2(5B)A
The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on blade servers allows remote attackers to obtain potentially sensitive version information by visiting an unspecified URL, aka Bug ID CSCuw87226.
network
low complexity
cisco CWE-200
5.0

2015-10-31 CVE-2015-6343 Resource Management Errors vulnerability in Cisco IOS 15.5(3)M
The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service via crafted SIP messages, aka Bug ID CSCuv79202.
network
low complexity
cisco CWE-399
5.0