Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-05-30 CVE-2015-0745 Information Exposure vulnerability in Cisco products
Cisco Headend System Release allows remote attackers to read temporary script files or archive files, and consequently obtain sensitive information, via a crafted header in an HTTP request, aka Bug ID CSCus44909.
Risk: 5.0 (network, low complexity, cisco CWE-200)

2015-05-30 CVE-2015-0743 Resource Management Errors vulnerability in Cisco products
Cisco Headend System Release allows remote attackers to cause a denial of service (DHCP and TFTP outage) via a flood of crafted UDP traffic, aka Bug ID CSCus04097.
Risk: 5.0 (network, low complexity, cisco CWE-399)

2015-05-30 CVE-2015-0733 HTTP Response Splitting vulnerability in Cisco Headend Digital Broadband Delivery System
CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks, via a crafted request, aka Bug ID CSCur25580.
Risk: 4.3 (network, cisco CWE-113)

2015-05-29 CVE-2015-0757 Information Exposure vulnerability in Cisco Identity Services Engine Software 1.2(1.901)/1.3(0.722)
The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140.
Risk: 5.0 (network, low complexity, cisco CWE-200)

2015-05-29 CVE-2015-0756 Improper Input Validation vulnerability in Cisco Wireless LAN Controller 7.4(1.1)
Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka Bug ID CSCug67104.
Risk: 6.1 (low complexity, cisco CWE-20)

2015-05-29 CVE-2015-0755 Improper Access Control vulnerability in Cisco Anyconnect Secure Mobility Client 4.0(64)
The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), allows local users to gain privileges via unspecified commands, aka Bug ID CSCut05797.
Risk: 6.8 (local, low complexity, cisco CWE-284)

2015-05-29 CVE-2015-0753 Improper Input Validation vulnerability in Cisco Unified web and E-Mail Interaction Manager 9.0(2)
SQL injection vulnerability in Cisco Unified Email Interaction Manager (EIM) and Unified Web Interaction Manager (WIM) 9.0(2) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu30028.
Risk: 6.8 (network, cisco CWE-20)

2015-05-29 CVE-2015-0752 Cross-site Scripting vulnerability in Cisco Telepresence Video Communication Server X8.5.1
Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27635.
Risk: 4.3 (network, cisco CWE-79)

2015-05-23 CVE-2015-0750 Permissions, Privileges, and Access Controls vulnerability in Cisco Hosted Collaboration Solution
The administrative web interface in Cisco Hosted Collaboration Solution (HCS) 10.6(1) and earlier allows remote authenticated users to execute arbitrary commands via crafted input to unspecified fields, aka Bug ID CSCut02786.
Risk: 6.5 (network, low complexity, cisco CWE-264)

2015-05-22 CVE-2015-0746 7PK - Security Features vulnerability in Cisco Secure Access Control Server 5.5(0.46.2)
The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022.
Risk: 5.0 (network, low complexity, cisco CWE-254)