Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-07-29 | CVE-2015-4290 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Anyconnect Secure Mobility Client 4.0(2049). The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID CSCut12255. | 4.9 |
2015-07-29 | CVE-2015-4286 | Improper Input Validation vulnerability in Cisco Unified Computing System Central Software 1.3(0.99). The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377. | 5.0 |
2015-07-29 | CVE-2015-4288 | Cryptographic Issues vulnerability in Cisco products. The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470. | 4.3 |
2015-07-29 | CVE-2015-4287 | Permissions, Privileges, and Access Controls vulnerability in Cisco Firepower Extensible Operating System 1.1(1.86). Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230. | 5.0 |
2015-07-29 | CVE-2015-0732 | Cross-site Scripting vulnerability in Cisco products. Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuu37430, CSCuu37420, CSCut71981, and CSCuv50167. | 4.3 |
2015-07-23 | CVE-2015-4285 | Resource Management Errors vulnerability in Cisco IOS XR. The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial of service (resource consumption) by sending traffic to these ports continuously, aka Bug ID CSCur88273. | 5.0 |
2015-07-22 | CVE-2015-4284 | Improper Input Validation vulnerability in Cisco IOS XR 5.3.0. The Concurrent Data Management Replication process in Cisco IOS XR 5.3.0 on ASR 9000 devices allows remote attackers to cause a denial of service (BGP process reload) via malformed BGPv4 packets, aka Bug ID CSCur70670. | 5.0 |
2015-07-22 | CVE-2015-4281 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Webex Meetings Server 2.5(1). Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146. | 6.8 |
2015-07-18 | CVE-2015-4280 | Resource Management Errors vulnerability in Cisco Prime Collaboration 10.0. Cisco Prime Collaboration Assurance 10.0 allows remote attackers to cause a denial of service (HTTP service outage) via a crafted HTTP request, aka Bug ID CSCum38844. | 5.0 |
2015-07-16 | CVE-2015-4278 | Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware 8.5.6106/9.5.0201. Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC policy data in DNS TXT records for a domain, aka Bug ID CSCuv14806. | 4.3 |