Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-10-25 | CVE-2015-6341 | Permissions, Privileges, and Access Controls vulnerability in Cisco Wireless LAN Controller Software 7.4.140.0/8.0.120.0 The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices with software 7.4(140.0) and 8.0(120.0) allows remote attackers to cause a denial of service (client disconnection) via unspecified vectors, aka Bug ID CSCuw10610. | 5.0 |
2015-10-16 | CVE-2015-6334 | Improper Input Validation vulnerability in Cisco ASR 5000 Software 18.0.0.57828/19.0.M0.61045 Cisco ASR 5000 and 5500 devices with software 18.0.0.57828 and 19.0.M0.61045 allow remote attackers to cause a denial of service (vpnmgr process restart) via a crafted header in a TACACS packet, aka Bug ID CSCuw01984. | 5.0 |
2015-10-16 | CVE-2015-6333 | Permissions, Privileges, and Access Controls vulnerability in Cisco Application Policy Infrastructure Controller 1.1(1J) Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076. | 4.6 |
2015-10-13 | CVE-2015-6332 | Resource Management Errors vulnerability in Cisco Prime Infrastructure 2.2 Cisco Prime Infrastructure 2.2 allows remote attackers to cause a denial of service (daemon hang) by sending many SSL renegotiation requests, aka Bug ID CSCuv56830. | 5.0 |
2015-10-13 | CVE-2015-6328 | Information Exposure vulnerability in Cisco Prime Collaboration Assurance 10.5.1 The web framework in Cisco Prime Collaboration Assurance (PCA) 10.5(1) allows remote authenticated users to bypass intended access restrictions and read arbitrary files via a crafted URL, aka Bug ID CSCus88380. | 6.8 |
2015-10-12 | CVE-2015-6331 | SQL Injection vulnerability in Cisco Prime Collaboration Assurance 10.5.1 SQL injection vulnerability in the web framework in Cisco Prime Collaboration Assurance 10.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCus39887. | 6.5 |
2015-10-12 | CVE-2015-6329 | SQL Injection vulnerability in Cisco Prime Collaboration Provisioning 10.6.0/11.0.0 SQL injection vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut64074. | 6.5 |
2015-10-12 | CVE-2015-6322 | Permissions, Privileges, and Access Controls vulnerability in Cisco Anyconnect Secure Mobility Client The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-path validation, aka Bug ID CSCuv48563. | 6.6 |
2015-10-12 | CVE-2015-6318 | Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server Software X8.5.1/X8.5.2 Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 and X8.5.2 allows local users to write to arbitrary files via an unspecified symlink attack, aka Bug ID CSCuv11969. | 6.9 |
2015-10-12 | CVE-2015-4325 | Permissions, Privileges, and Access Controls vulnerability in Cisco Telepresence Video Communication Server Software X8.5.2 The process-management implementation in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges by terminating a firestarter.py supervised process and then triggering the restart of a process by the root account, aka Bug ID CSCuv12272. | 6.9 |