Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-12-05 | CVE-2015-6387 | Cross-site Scripting vulnerability in Cisco Unified Computing System Central Software 1.3(0.1) Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573. | 4.3 |
| 2015-12-05 | CVE-2015-6384 | Permissions, Privileges, and Access Controls vulnerability in Cisco Webex Meetings 8.0Base The Cisco WebEx Meetings application before 8.5.1 for Android improperly initializes custom application permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka Bug ID CSCuw86442. | 4.3 |
| 2015-12-03 | CVE-2015-6390 | Cross-site Scripting vulnerability in Cisco Unity Connection 9.1(1.10) Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unity Connection 9.1(1.10) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCup92741. | 4.3 |
| 2015-12-01 | CVE-2015-6386 | Resource Management Errors vulnerability in Cisco web Security Appliance 8.0.7142/8.5.1021 The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8.0.7-142 and 8.5.1-021 allows remote attackers to cause a denial of service (CPU consumption) via FTP sessions in which the control connection is ended after data transfer, aka Bug ID CSCut94150. | 5.0 |
| 2015-11-26 | CVE-2015-6382 | Resource Management Errors vulnerability in Cisco ASR 5000 Series Software 16.0(900) Cisco ASR 5000 devices with software 16.0(900) allow remote attackers to cause a denial of service (telnetd process restart) via a TELNET connection, aka Bug ID CSCuv25815. | 5.0 |
| 2015-11-24 | CVE-2015-6380 | OS Command Injection vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) An unspecified script in the web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via crafted parameters, aka Bug ID CSCux10622. | 6.5 |
| 2015-11-21 | CVE-2015-6376 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Telepresence Video Communication Server Software X8.5.1 Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv72412. | 6.8 |
| 2015-11-19 | CVE-2015-6374 | Improper Input Validation vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) The web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, aka Bug ID CSCux10604. | 4.3 |
| 2015-11-19 | CVE-2015-6371 | Information Exposure vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to read arbitrary files via crafted parameters to unspecified scripts, aka Bug ID CSCux10621. | 4.0 |
| 2015-11-19 | CVE-2015-6369 | Improper Input Validation vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) The USB driver in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows physically proximate attackers to cause a denial of service via a crafted USB device that triggers invalid USB commands, aka Bug ID CSCux10531. | 4.9 |