Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2015-02-28	CVE-2015-0655	Cross-site Scripting vulnerability in Cisco Unified web and E-Mail Interaction Manager Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184. network cisco CWE-79	4.3
2015-02-27	CVE-2015-0651	Cross-Site Request Forgery (CSRF) vulnerability in Cisco Application Networking Manager Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo99753. network cisco CWE-352	6.8
2015-02-27	CVE-2015-0632	Race Condition vulnerability in Cisco IOS and IOS XE Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the local network, aka Bug ID CSCuo67770. cisco CWE-362	5.7
2015-02-27	CVE-2015-0594	Cross-site Scripting vulnerability in Cisco Prime LAN Management Solution and Security Manager Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq54654 and CSCun18263. network cisco CWE-79	4.3
2015-02-26	CVE-2015-0633	Improper Input Validation vulnerability in Cisco Unified Computing System The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.4(7h) and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending crafted DHCP response packets on the local network, aka Bug ID CSCuf52876. low complexity cisco CWE-20	6.8
2015-02-21	CVE-2015-0624	Improper Input Validation vulnerability in Cisco products The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639. network cisco CWE-20	4.3
2015-02-20	CVE-2015-0628	Information Exposure vulnerability in Cisco web Security Appliance The proxy engine on Cisco Web Security Appliance (WSA) devices allows remote attackers to bypass intended proxying restrictions via a malformed HTTP method, aka Bug ID CSCus79174. network low complexity cisco CWE-200	5.0
2015-02-19	CVE-2015-0626	Improper Input Validation vulnerability in Cisco Hosted Collaboration Solution The SOAP interface in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to obtain access to system-management tools via crafted Challenge SOAP calls, aka Bug ID CSCuc38114. network cisco CWE-20	4.3
2015-02-19	CVE-2015-0623	Cross-site Scripting vulnerability in Cisco web Security Appliance Cross-site scripting (XSS) vulnerability in the Administrator report page on Cisco Web Security Appliance (WSA) devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus40627. network cisco CWE-79	4.3
2015-02-18	CVE-2015-0620	Improper Input Validation vulnerability in Cisco Telepresence Management Suite The XML parser in Cisco TelePresence Management Suite (TMS) 14.3(.2) and earlier does not properly handle external entities, which allows remote authenticated users to cause a denial of service via POST requests, aka Bug ID CSCus51494. network low complexity cisco CWE-20	4.0