Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-05-15 | CVE-2015-0634 | Cross-site Scripting vulnerability in Cisco WebEx Meetings Server 2.5/2.5.0.997: Cross-site scripting (XSS) vulnerability in the administrative interface in Cisco WebEx Meetings Server 2.5 and 2.5.0.997 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuq86310. | 4.3 |
2015-05-07 | CVE-2015-0716 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unity Connection 11.0(0.98000.225)/11.0(0.98000.332): Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659. | 6.8 |
2015-05-07 | CVE-2015-0715 | SQL Injection vulnerability in Cisco Unity Connection 11.0(0.98000.225): SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCut33447 and CSCut33608. | 6.5 |
2015-05-02 | CVE-2015-0714 | Cross-site Scripting vulnerability in Cisco Finesse: Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595. | 4.3 |
2015-05-01 | CVE-2015-0712 | Resource Management Errors vulnerability in Cisco StarOS: The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and 14.0(600) on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and packet loss) via malformed HTTP packets, aka Bug ID CSCud14217. | 5.0 |
2015-04-29 | CVE-2015-0711 | Resource Management Errors vulnerability in Cisco StarOS 18.1.0.59776: The hamgr service in the IPv6 Proxy Mobile (PM) implementation in Cisco StarOS 18.1.0.59776 on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and call-processing outage) via malformed PM packets, aka Bug ID CSCut94711. | 5.0 |
2015-04-29 | CVE-2015-0710 | Resource Management Errors vulnerability in Cisco IOS XE 3.10.0S/3.10S.01: The Overlay Transport Virtualization (OTV) implementation in Cisco IOS XE 3.10S allows remote attackers to cause a denial of service (device reload) via a series of packets that are considered oversized and trigger improper fragmentation handling, aka Bug IDs CSCup37676 and CSCup30335. | 6.1 |
2015-04-29 | CVE-2015-0709 | Resource Management Errors vulnerability in Cisco IOS and IOS XE: Cisco IOS 15.5S and IOS XE allow remote authenticated users to cause a denial of service (device crash) by leveraging knowledge of the RADIUS secret and sending crafted RADIUS packets, aka Bug ID CSCur21348. | 6.8 |
2015-04-29 | CVE-2015-0708 | Resource Management Errors vulnerability in Cisco IOS and IOS XE: Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow remote attackers to cause a denial of service (device crash) by including an IA_NA option in a DHCPv6 Solicit message on the local network, aka Bug ID CSCur29956. | 6.1 |
2015-04-23 | CVE-2015-0706 | HTTP Open Redirection vulnerability in Cisco FireSIGHT System Software 5.3.1.1/5.3.1.2/6.0.0: Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966. | 5.8 |