Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-11-06 | CVE-2015-4282 | Permissions, Privileges, and Access Controls vulnerability in Cisco Mobility Services Engine Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID CSCuv40504. | 6.9 |
| 2015-11-04 | CVE-2015-6356 | Cross-site Scripting vulnerability in Cisco Socialminer 10.0(1) Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuw60212. | 4.3 |
| 2015-11-04 | CVE-2015-6355 | Information Exposure vulnerability in Cisco Unified Computing System 2.2(5B)A The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on blade servers allows remote attackers to obtain potentially sensitive version information by visiting an unspecified URL, aka Bug ID CSCuw87226. | 5.0 |
| 2015-10-31 | CVE-2015-6343 | Resource Management Errors vulnerability in Cisco IOS 15.5(3)M The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service via crafted SIP messages, aka Bug ID CSCuv79202. | 5.0 |
| 2015-10-30 | CVE-2015-6352 | Information Exposure vulnerability in Cisco products Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to map a filesystem via a series of requests, aka Bug ID CSCut67891. | 4.3 |
| 2015-10-30 | CVE-2015-6351 | Improper Input Validation vulnerability in Cisco ASR 5000 Software 19.1.0.61559/19.2.0 Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and 19.2.0 allow remote attackers to cause a denial of service (BGP process restart) via a crafted header in a BGP packet, aka Bug ID CSCuw65781. | 5.0 |
| 2015-10-30 | CVE-2015-6350 | SQL Injection vulnerability in Cisco Prime Service Catalog 11.0Base SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843. | 6.5 |
| 2015-10-30 | CVE-2015-6349 | Cross-site Scripting vulnerability in Cisco Secure Access Control Server 5.7.0.15 Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
| 2015-10-30 | CVE-2015-6348 | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control Server 5.7.0.15 The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page. | 4.0 |
| 2015-10-30 | CVE-2015-6347 | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control Server 5.7.0.15 The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page. | 4.0 |