Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-07-22 | CVE-2015-4284 | Improper Input Validation vulnerability in Cisco IOS XR 5.3.0 The Concurrent Data Management Replication process in Cisco IOS XR 5.3.0 on ASR 9000 devices allows remote attackers to cause a denial of service (BGP process reload) via malformed BGPv4 packets, aka Bug ID CSCur70670. | 5.0 |
| 2015-07-22 | CVE-2015-4281 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Webex Meetings Server 2.5(1) Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146. | 6.8 |
| 2015-07-18 | CVE-2015-4280 | Resource Management Errors vulnerability in Cisco Prime Collaboration 10.0 Cisco Prime Collaboration Assurance 10.0 allows remote attackers to cause a denial of service (HTTP service outage) via a crafted HTTP request, aka Bug ID CSCum38844. | 5.0 |
| 2015-07-16 | CVE-2015-4278 | Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware 8.5.6106/9.5.0201 Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC policy data in DNS TXT records for a domain, aka Bug ID CSCuv14806. | 4.3 |
| 2015-07-16 | CVE-2015-4276 | Improper Input Validation vulnerability in Cisco Webex Meetings Server 2.5(1) Cisco WebEx Meetings Server 2.5MR1 allows remote authenticated users to execute arbitrary code via a crafted command parameter, aka Bug ID CSCus56138. | 6.5 |
| 2015-07-16 | CVE-2015-4275 | Resource Management Errors vulnerability in Cisco ASR 5000 Series Software 18.0.0.59167/18.0.0.59211 The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 18.0.0.59167 and 18.0.0.59211 allows remote attackers to cause a denial of service via a malformed header in a GTPv2 packet, aka Bug ID CSCut11534. | 5.0 |
| 2015-07-16 | CVE-2015-4274 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.0(1)/10.6(1) Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936. | 6.8 |
| 2015-07-16 | CVE-2015-4266 | Improper Input Validation vulnerability in Cisco Identity Services Engine Software 1.1(4.1)/1.3(106.146)/1.3(120.135) The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCut04556. | 4.3 |
| 2015-07-15 | CVE-2015-4271 | Improper Access Control vulnerability in Cisco Telepresence TC Software Cisco TelePresence TC before 7.3.4 on Integrator C devices allows remote attackers to bypass authentication via vectors involving multiple request parameters, aka Bug ID CSCuv00604. | 6.4 |
| 2015-07-15 | CVE-2015-4267 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Identity Services Engine Software Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus09940. | 6.8 |