Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-08-19 CVE-2015-6255 Cross-site Scripting vulnerability in Cisco Unified Web and E-Mail Interaction Manager 9.0(2)
Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-Mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via a crafted chat message, aka Bug ID CSCuo89051.
network
cisco CWE-79
4.3
2015-08-19 CVE-2015-4324 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco NX-OS 4.1(2)E1(1c)/7.2(0)N1(0.1)/7.3(0)ZN(0.81)
Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.81), Nexus 3000 devices 7.3(0)ZN(0.81), Nexus 4000 devices 4.1(2)E1(1c), Nexus 7000 devices 7.2(0)N1(0.1), and Nexus 9000 devices 7.3(0)ZN(0.81) allows remote attackers to cause a denial of service (IGMP process restart) via a malformed IGMPv3 packet that is mishandled during memory allocation, aka Bug IDs CSCuv69713, CSCuv69717, CSCuv69723, CSCuv69732, and CSCuv48908.
low complexity
cisco CWE-119
6.1
2015-08-19 CVE-2015-4322 Permissions, Privileges, and Access Controls vulnerability in Cisco Content Security Management Appliance 8.3.6-039/9.1.0-103/9.1.0-31
Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users to read or write to an arbitrary user's Spam Quarantine folder by visiting a spam-notification URL, aka Bug ID CSCuv65894.
network
low complexity
cisco CWE-264
5.5
2015-08-19 CVE-2015-4308 Information Exposure vulnerability in Cisco Edge Bluebird Operating System 1.2
The webGUI configuration-export feature in Cisco Edge Bluebird Operating System 1.2 on Edge 340 devices allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuu43968.
network
low complexity
cisco CWE-200
6.8
2015-08-19 CVE-2015-4301 Resource Management Errors vulnerability in Cisco NX-OS 11.1(1c)
Cisco NX-OS on Nexus 9000 devices 11.1(1c) allows remote authenticated users to cause a denial of service (device hang) via large files that are copied to a device's filesystem, aka Bug ID CSCuu77225.
network
low complexity
cisco CWE-399
6.8
2015-08-19 CVE-2015-4299 Improper Access Control vulnerability in Cisco Unified Web and E-Mail Interaction Manager 9.0(2)
Cisco Unified Web and E-Mail Interaction Manager 9.0(2) improperly performs authorization, which allows remote authenticated users to remove default messaging-queue system folders via unspecified vectors, aka Bug ID CSCuo89046.
network
low complexity
cisco CWE-284
5.5
2015-08-19 CVE-2015-4298 Improper Access Control vulnerability in Cisco Unified Web and E-Mail Interaction Manager 11.0(1)/9.0(2)
Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) improperly performs authorization, which allows remote authenticated users to read or write to stored data via unspecified vectors, aka Bug ID CSCuo89056.
network
low complexity
cisco CWE-284
6.5
2015-08-19 CVE-2015-4302 Improper Access Control vulnerability in Cisco FireSIGHT System Software 5.3.1.4
The web interface in Cisco FireSIGHT Management Center 5.3.1.4 allows remote attackers to delete arbitrary system policies via modified parameters in a POST request, aka Bug ID CSCuu25390.
network
low complexity
cisco CWE-284
6.4
2015-08-19 CVE-2015-4297 Open Redirection vulnerability in Cisco WebEx Node for MCS
Open redirect vulnerability in Cisco WebEx Node for Media Convergence Server (MCS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted HTTP request parameters, aka Bug ID CSCuv32136.
network
cisco
5.8
2015-08-01 CVE-2015-4295 Information Exposure vulnerability in Cisco Unified Communications Manager 10.5(3.10000.9)
The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819.
network
low complexity
cisco CWE-200
4.0