Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-05-30 | CVE-2015-0745 | Information Exposure vulnerability in Cisco products: Cisco Headend System Release allows remote attackers to read temporary script files or archive files, and consequently obtain sensitive information, via a crafted header in an HTTP request, aka Bug ID CSCus44909. | 5.0 |
2015-05-30 | CVE-2015-0743 | Resource Management Errors vulnerability in Cisco products: Cisco Headend System Release allows remote attackers to cause a denial of service (DHCP and TFTP outage) via a flood of crafted UDP traffic, aka Bug ID CSCus04097. | 5.0 |
2015-05-30 | CVE-2015-0733 | HTTP Response Splitting vulnerability in Cisco Headend Digital Broadband Delivery System: CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks, via a crafted request, aka Bug ID CSCur25580. | 4.3 |
2015-05-29 | CVE-2015-0757 | Information Exposure vulnerability in Cisco Identity Services Engine Software 1.2(1.901)/1.3(0.722): The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140. | 5.0 |
2015-05-29 | CVE-2015-0756 | Improper Input Validation vulnerability in Cisco Wireless LAN Controller 7.4(1.1): Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka Bug ID CSCug67104. | 6.1 |
2015-05-29 | CVE-2015-0755 | Improper Access Control vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(64): The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), allows local users to gain privileges via unspecified commands, aka Bug ID CSCut05797. | 6.8 |
2015-05-29 | CVE-2015-0753 | Improper Input Validation vulnerability in Cisco Unified Web and E-Mail Interaction Manager 9.0(2): SQL injection vulnerability in Cisco Unified Email Interaction Manager (EIM) and Unified Web Interaction Manager (WIM) 9.0(2) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu30028. | 6.8 |
2015-05-29 | CVE-2015-0752 | Cross-site Scripting vulnerability in Cisco TelePresence Video Communication Server X8.5.1: Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27635. | 4.3 |
2015-05-23 | CVE-2015-0750 | Permissions, Privileges, and Access Controls vulnerability in Cisco Hosted Collaboration Solution: The administrative web interface in Cisco Hosted Collaboration Solution (HCS) 10.6(1) and earlier allows remote authenticated users to execute arbitrary commands via crafted input to unspecified fields, aka Bug ID CSCut02786. | 6.5 |
2015-05-22 | CVE-2015-0746 | 7PK - Security Features vulnerability in Cisco Secure Access Control Server 5.5(0.46.2): The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022. | 5.0 |