Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-09-18 | CVE-2015-6294 | Resource Management Errors vulnerability in Cisco IOS and IOS XE Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow remote attackers to cause a denial of service (functionality loss) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuu25770. | 6.1 |
| 2015-09-14 | CVE-2015-6290 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco web Security Virtual Appliance Cisco Web Security Appliance (WSA) 8.0.7 allows remote HTTP servers to cause a denial of service (memory consumption from stale TCP connections) via crafted responses, aka Bug ID CSCuw10426. | 4.3 |
| 2015-09-14 | CVE-2015-6288 | Resource Management Errors vulnerability in Cisco Content Security Management Appliance 7.8Base Cisco Content Security Management Appliance (SMA) 7.8.0-000 does not properly validate credentials, which allows remote attackers to cause a denial of service (rapid log-file rollover and application fault) via crafted HTTP requests, aka Bug ID CSCuw09620. | 5.0 |
| 2015-09-14 | CVE-2015-6287 | Resource Management Errors vulnerability in Cisco web Security Virtual Appliance 8.0.5/8.0.6/8.0Base Cisco Web Security Appliance (WSA) 8.0.6-078 and 8.0.6-115 allows remote attackers to cause a denial of service (service outage) via a flood of TCP traffic that leads to DNS resolution delays, aka Bug IDs CSCur32005 and CSCur07907. | 5.0 |
| 2015-09-14 | CVE-2015-6286 | Resource Management Errors vulnerability in Cisco Application Visibility and Control 15.3(3)Ja Cisco Application Visibility and Control (AVC) 15.3(3)JA, when FlexConnect is enabled, allows remote attackers to cause a denial of service (access-point outage) via a crafted UDP packet, aka Bug ID CSCuu47016. | 5.7 |
| 2015-09-14 | CVE-2015-6285 | Use of Externally-Controlled Format String vulnerability in Cisco Email Security Appliance 7.6.0/8.0.0 Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497. | 6.4 |
| 2015-09-05 | CVE-2015-6276 | Information Exposure vulnerability in Cisco Telepresence System Software IX 8.0.3 Cisco TelePresence IX5000 8.0.3 stores a private key associated with an X.509 certificate under the web root with insufficient access control, which allows remote attackers to obtain cleartext versions of HTTPS traffic or spoof devices via a direct request to the certificate directory, aka Bug ID CSCuu63501. | 5.0 |
| 2015-09-02 | CVE-2015-6277 | Resource Management Errors vulnerability in Cisco products The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote attackers to cause a denial of service (ARP process restart) via crafted packet-header fields, aka Bug ID CSCut25292. | 6.1 |
| 2015-09-02 | CVE-2015-6274 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco ASR 1000 Series Software 15.5(3)S The IPv4 implementation on Cisco ASR 1000 devices with software 15.5(3)S allows remote attackers to cause a denial of service (ESP QFP CPU consumption) by triggering packet fragmentation and reassembly, aka Bug ID CSCuv71273. | 5.0 |
| 2015-09-02 | CVE-2015-4330 | OS Command Injection vulnerability in Cisco Telepresence Video Communication Server Software X8.5.2 A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556. | 6.9 |