Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-12-13 | CVE-2014-3364 | Cross-Site Scripting vulnerability in Cisco Prime Security Manager Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Prime Security Manager (aka PRSM) 9.2.1-2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) Access Policies or (2) Device Summary Dashboard parameter, aka Bug ID CSCuq80661. | 4.3 |
| 2014-12-10 | CVE-2014-8010 | Improper Input Validation vulnerability in Cisco Unified Communications Domain Manager 8.0 The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205. | 6.5 |
| 2014-12-10 | CVE-2014-8009 | Information Exposure vulnerability in Cisco Unified Computing System The Management subsystem in Cisco Unified Computing System 2.1(3f) and earlier allows remote attackers to obtain sensitive information by reading log files, aka Bug ID CSCur99239. | 5.0 |
| 2014-11-28 | CVE-2014-3407 | Resource Exhaustion vulnerability in Cisco Adaptive Security Appliance Software The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888. | 5.0 |
| 2014-11-26 | CVE-2014-8005 | Race Condition vulnerability in Cisco IOS XR Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239. | 5.0 |
| 2014-11-25 | CVE-2014-8004 | Resource Management Errors vulnerability in Cisco IOS XR Cisco IOS XR allows remote attackers to cause a denial of service (LISP process reload) by establishing many LISP TCP sessions, aka Bug ID CSCuq90378. | 5.0 |
| 2014-11-21 | CVE-2014-8000 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1) Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497. | 5.0 |
| 2014-11-18 | CVE-2014-7996 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Computing System Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477. | 6.8 |
| 2014-11-18 | CVE-2014-7992 | Information Exposure vulnerability in Cisco IOS The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014. | 5.0 |
| 2014-11-15 | CVE-2014-7997 | Resource Management Errors vulnerability in Cisco IOS The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by triggering a transition into a recovery state that was intended to involve a network-interface restart but actually involves a full device restart, aka Bug ID CSCtn16281. | 6.1 |