Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-12-13  CVE-2015-6406  Path Traversal vulnerability in Cisco Emergency Responder 10.5(1.10000.5)
Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781.
Risk: network, low complexity, cisco CWE-22, 4.0

2015-12-13  CVE-2015-6405  Cross-Site Request Forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1A)
Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501.
Risk: network, cisco CWE-352, 6.8

2015-12-13  CVE-2015-6400  Cross-site Scripting vulnerability in Cisco Emergency Responder 10.5(1A)
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 10.5(1a) allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547.
Risk: network, cisco CWE-79, 4.3

2015-12-13  CVE-2015-6361  Improper Input Validation vulnerability in Cisco Dpc3939 Wireless Residential Voice Gateway Firmware 121109Acmcstbase
The administrative web interface on Cisco DPC3939 (XB3) devices with firmware 121109aCMCST allows remote authenticated users to execute arbitrary commands via unspecified fields, aka Bug ID CSCuw86170.
Risk: network, low complexity, cisco CWE-20, 6.5

2015-12-12  CVE-2015-6419  Information Exposure vulnerability in Cisco Firesight System Software
Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410.
Risk: network, low complexity, cisco CWE-200, 6.8

2015-12-12  CVE-2015-6408  Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98)
Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578.
Risk: network, cisco CWE-352, 6.8

2015-12-12  CVE-2015-6417  Permissions, Privileges, and Access Controls vulnerability in Cisco Videoscape Distribution Suite Service Manager
Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CSCuv87025.
Risk: network, low complexity, cisco CWE-264, 6.5

2015-12-12  CVE-2015-6395  Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Service Catalog
Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID CSCuw48188.
Risk: network, low complexity, cisco CWE-264, 6.5

2015-12-05  CVE-2015-6394  Resource Management Errors vulnerability in Cisco Nx-Os 5.2(9)N1(1)
The kernel in Cisco NX-OS 5.2(9)N1(1) on Nexus 5000 devices allows local users to cause a denial of service (device crash) via crafted USB parameters, aka Bug ID CSCus89408.
Risk: local, low complexity, cisco CWE-399, 4.9

2015-12-05  CVE-2015-6388  Security Bypass vulnerability in Cisco Unified Computing System Central Software 1.3(0.1)
Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575.
Risk: network, low complexity, cisco, 5.0