Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-09-20 CVE-2015-6301 Resource Management Errors vulnerability in Cisco products
The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun72171.
network
low complexity
cisco CWE-399
5.0
5.0
2015-09-20 CVE-2015-6300 Improper Input Validation vulnerability in Cisco Secure Access Control Server 5.7.0.15
Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694.
network
low complexity
cisco CWE-20
4.0
4.0
2015-09-20 CVE-2015-6299 SQL Injection vulnerability in Cisco Unity Connection 9.1(1)/9.1(2)
SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug ID CSCuv63824.
network
low complexity
cisco CWE-89
6.5
6.5
2015-09-20 CVE-2015-6295 Resource Management Errors vulnerability in Cisco Nx-Os 6.1(2)I3(4)/7.0(3)I1(1)
Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic forwarding via a Layer 2 packet with a reserved VLAN number, aka Bug ID CSCuw13560.
low complexity
cisco CWE-399
4.8
4.8
2015-09-20 CVE-2015-4305 Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Collaboration Assurance
The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656.
network
low complexity
cisco CWE-264
4.0
4.0
2015-09-18 CVE-2015-6297 Resource Management Errors vulnerability in Cisco IOS XR 5.2.0Base
The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun36525.
network
low complexity
cisco CWE-399
5.0
5.0
2015-09-18 CVE-2015-6294 Resource Management Errors vulnerability in Cisco IOS and IOS XE
Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow remote attackers to cause a denial of service (functionality loss) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuu25770.
low complexity
cisco CWE-399
6.1
6.1
2015-09-14 CVE-2015-6290 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco web Security Virtual Appliance
Cisco Web Security Appliance (WSA) 8.0.7 allows remote HTTP servers to cause a denial of service (memory consumption from stale TCP connections) via crafted responses, aka Bug ID CSCuw10426.
network
cisco CWE-119
4.3
4.3
2015-09-14 CVE-2015-6288 Resource Management Errors vulnerability in Cisco Content Security Management Appliance 7.8Base
Cisco Content Security Management Appliance (SMA) 7.8.0-000 does not properly validate credentials, which allows remote attackers to cause a denial of service (rapid log-file rollover and application fault) via crafted HTTP requests, aka Bug ID CSCuw09620.
network
low complexity
cisco CWE-399
5.0
5.0
2015-09-14 CVE-2015-6287 Resource Management Errors vulnerability in Cisco web Security Virtual Appliance 8.0.5/8.0.6/8.0Base
Cisco Web Security Appliance (WSA) 8.0.6-078 and 8.0.6-115 allows remote attackers to cause a denial of service (service outage) via a flood of TCP traffic that leads to DNS resolution delays, aka Bug IDs CSCur32005 and CSCur07907.
network
low complexity
cisco CWE-399
5.0
5.0