Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-06-07 | CVE-2015-0770 | Improper Input Validation vulnerability in Cisco Telepresence TC Software CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSCut79341. | 5.0 |
2015-06-04 | CVE-2015-0766 | Cross-site Scripting vulnerability in Cisco Firesight System Software 6.0.0 Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in the Management Center component in Cisco FireSIGHT System Software 6.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug IDs CSCus93566, CSCut31557, and CSCut47196. | 4.3 |
2015-06-04 | CVE-2015-0765 | Resource Management Errors vulnerability in Cisco ONS 15454 System Software 10.30/10.301 Cisco ONS 15454 System Software 10.30 and 10.301 allows remote attackers to cause a denial of service (tNetTask CPU consumption or card reset) via a flood of (1) IP or (2) Ethernet traffic, aka Bug ID CSCus57263. | 5.0 |
2015-06-04 | CVE-2015-0764 | Information Exposure vulnerability in Cisco Unified Meetingplace 8.6(1.9) Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via a crafted resource request, aka Bug ID CSCus95603. | 5.0 |
2015-06-04 | CVE-2015-0763 | Information Exposure vulnerability in Cisco Unified Meetingplace 8.6(1.2) Cisco Unified MeetingPlace 8.6(1.2) does not properly validate session IDs in http URLs, which allows remote attackers to obtain sensitive session information via a crafted URL, aka Bug ID CSCuu60338. | 5.0 |
2015-06-04 | CVE-2015-0762 | Cross-site Scripting vulnerability in Cisco Unified Meetingplace 8.6(1.2)/8.6(1.9) Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) for Microsoft Outlook allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCuu51400. | 4.3 |
2015-06-04 | CVE-2015-0760 | Improper Input Validation vulnerability in Cisco Adaptive Security Appliance Software The IKEv1 implementation in Cisco ASA Software 7.x, 8.0.x, 8.1.x, and 8.2.x before 8.2.2.13 allows remote authenticated users to bypass XAUTH authentication via crafted IKEv1 packets, aka Bug ID CSCus47259. | 4.0 |
2015-06-02 | CVE-2015-0759 | Improper Input Validation vulnerability in Cisco Headend Digital Broadband Delivery System Cross-site request forgery (CSRF) vulnerability in Cisco Headend Digital Broadband Delivery System allows remote attackers to hijack the authentication of arbitrary users. | 6.8 |
2015-05-30 | CVE-2015-0758 | Information Exposure vulnerability in Cisco Unified Meetingplace 8.6(1.9) The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCus97452. | 4.0 |
2015-05-30 | CVE-2015-0747 | Improper Input Validation vulnerability in Cisco products Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release allow remote attackers to inject arbitrary cookies via a crafted HTTP request, aka Bug ID CSCuh25408. | 4.3 |