Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-08-01 CVE-2015-4294 Cross-site Scripting vulnerability in Cisco Unified Communications Manager IM and Presence Service 10.5(1)/9.0(1)/9.1(1)
Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766.
network
cisco CWE-79
4.3
4.3
2015-08-01 CVE-2015-4292 Cross-site Scripting vulnerability in Cisco Prime Central for Hosted Collaboration Solution Assurance 10.6(2)
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuv45818.
network
cisco CWE-79
4.3
4.3
2015-08-01 CVE-2015-4289 Path Traversal vulnerability in Cisco Anyconnect Secure Mobility Client 4.0(2049)
Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSCut93920.
network
low complexity
cisco CWE-22
6.4
6.4
2015-07-30 CVE-2015-4293 Resource Management Errors vulnerability in Cisco IOS XE
The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after reassembly failures, aka Bug ID CSCuo37957.
network
low complexity
cisco CWE-399
5.0
5.0
2015-07-29 CVE-2015-4290 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Anyconnect Secure Mobility Client 4.0(2049)
The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID CSCut12255.
local
low complexity
cisco apple CWE-119
4.9
4.9
2015-07-29 CVE-2015-4286 Improper Input Validation vulnerability in Cisco Unified Computing System Central Software 1.3(0.99)
The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377.
network
low complexity
cisco CWE-20
5.0
5.0
2015-07-29 CVE-2015-4288 Cryptographic Issues vulnerability in Cisco products
The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470.
network
cisco CWE-310
4.3
4.3
2015-07-29 CVE-2015-4287 Permissions, Privileges, and Access Controls vulnerability in Cisco Firepower Extensible Operating System 1.1(1.86)
Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230.
network
low complexity
cisco CWE-264
5.0
5.0
2015-07-29 CVE-2015-0732 Cross-site Scripting vulnerability in Cisco products
Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuu37430, CSCuu37420, CSCut71981, and CSCuv50167.
network
cisco CWE-79
4.3
4.3
2015-07-23 CVE-2015-4285 Resource Management Errors vulnerability in Cisco IOS XR
The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial of service (resource consumption) by sending traffic to these ports continuously, aka Bug ID CSCur88273.
network
low complexity
cisco CWE-399
5.0
5.0