Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-10-30 | CVE-2015-6352 | Information Exposure vulnerability in Cisco products: Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to map a filesystem via a series of requests, aka Bug ID CSCut67891. | 4.3 |
2015-10-30 | CVE-2015-6351 | Improper Input Validation vulnerability in Cisco ASR 5000 Software 19.1.0.61559/19.2.0: Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and 19.2.0 allow remote attackers to cause a denial of service (BGP process restart) via a crafted header in a BGP packet, aka Bug ID CSCuw65781. | 5.0 |
2015-10-30 | CVE-2015-6350 | SQL Injection vulnerability in Cisco Prime Service Catalog 11.0 Base: SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843. | 6.5 |
2015-10-30 | CVE-2015-6349 | Cross-site Scripting vulnerability in Cisco Secure Access Control Server 5.7.0.15: Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2015-10-30 | CVE-2015-6348 | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control Server 5.7.0.15: The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page. | 4.0 |
2015-10-30 | CVE-2015-6347 | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control Server 5.7.0.15: The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page. | 4.0 |
2015-10-30 | CVE-2015-6346 | Cross-site Scripting vulnerability in Cisco Secure Access Control Server 5.7.0.15: Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2015-10-30 | CVE-2015-6345 | SQL Injection vulnerability in Cisco Secure Access Control Server 5.7.0.15: SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700. | 6.5 |
2015-10-30 | CVE-2015-6344 | Information Exposure vulnerability in Cisco ASA CX Context-Aware Security Software 9.3.4.1.11: The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9.3(4.1.11) allows remote authenticated users to bypass intended access restrictions and obtain sensitive user information via an unspecified HTTP request, aka Bug ID CSCuv74105. | 4.0 |
2015-10-27 | CVE-2015-6340 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco ASR 5000 Software 19.0.M0.60737: The Proxy Mobile IPv6 (PMIPv6) component in the CDMA implementation on Cisco ASR 5000 devices with software 19.0.M0.60737 allows remote attackers to cause a denial of service (hamgr process restart) via a crafted header in a PMIPv6 packet, aka Bug ID CSCuv63280. | 5.0 |