Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2015-02-12	CVE-2014-3365	Cross-site Scripting vulnerability in Cisco Prime Security Manager Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via crafted input to the (1) Dashboard or (2) Configure Realm page, aka Bug ID CSCuo94808. network cisco CWE-79	4.3
2015-02-12	CVE-2014-2153	Cross-site Scripting vulnerability in Cisco Prime Infrastructure Multiple cross-site scripting (XSS) vulnerabilities in INSERT pages in Cisco Prime Infrastructure allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun21869. network cisco CWE-79	4.3
2015-02-12	CVE-2014-2152	Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Infrastructure Cross-site request forgery (CSRF) vulnerability in the INSERT page in Cisco Prime Infrastructure (PI) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun21868. network cisco CWE-352	6.8
2015-02-12	CVE-2014-2147	Improper Input Validation vulnerability in Cisco Prime Infrastructure The web interface in Cisco Prime Infrastructure 2.1 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuj42444. network cisco CWE-20	4.3
2015-02-07	CVE-2015-0602	Information Exposure vulnerability in Cisco Unified IP Phones 9900 Series Firmware 9.3(2) The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to obtain sensitive information by sniffing the network, aka Bug ID CSCuq12117. network low complexity cisco CWE-200	5.0
2015-02-07	CVE-2015-0600	Improper Input Validation vulnerability in Cisco Unified IP Phones 9900 Series Firmware 9.3(2) The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to cause a denial of service (logoff) via crafted packets, aka Bug ID CSCuq12139. network low complexity cisco CWE-20	5.0
2015-02-07	CVE-2015-0605	Permissions, Privileges, and Access Controls vulnerability in Cisco Asyncos The uuencode inspection engine in Cisco AsyncOS on Cisco Email Security Appliance (ESA) devices 8.5 and earlier allows remote attackers to bypass intended content restrictions via a crafted e-mail attachment with uuencode encoding, aka Bug ID CSCzv54343. network cisco CWE-264	4.3
2015-02-07	CVE-2015-0604	Improper Input Validation vulnerability in Cisco products The web framework on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to upload files to arbitrary locations on a phone's filesystem via crafted HTTP requests, aka Bug ID CSCup90424. network low complexity cisco CWE-20	5.0
2015-02-07	CVE-2015-0603	Permissions, Privileges, and Access Controls vulnerability in Cisco Unified IP Phones 9900 Series Firmware 9.3(2) Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use weak permissions for unspecified files, which allows local users to cause a denial of service (persistent hang or reboot) by writing to a phone's filesystem, aka Bug ID CSCup90474. local low complexity cisco CWE-264	4.6
2015-02-07	CVE-2015-0601	Improper Input Validation vulnerability in Cisco products Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allow local users to cause a denial of service (device reload) via crafted commands, aka Bug ID CSCup92790. local low complexity cisco CWE-20	4.6