Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-02-07 CVE-2013-5557 Unspecified vulnerability in Cisco Adaptive Security Appliance Software
The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software 9.1(.2) and earlier allows remote authenticated users to cause a denial of service (device crash or error-recovery event) via an HTTP request that triggers a rewrite, aka Bug ID CSCug91577.
network
cisco
6.3
2015-02-03 CVE-2015-0599 7PK - Security Features vulnerability in Cisco Unified Computing System
The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf50138.
network
cisco CWE-254
4.3
2015-02-03 CVE-2014-8021 Cross-site Scripting vulnerability in Cisco AnyConnect Secure Mobility Client and HostScan Engine
Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-path URL, aka Bug IDs CSCup82990 and CSCuq80149.
network
cisco CWE-79
4.3
2015-02-03 CVE-2014-8013 Improper Input Validation vulnerability in Cisco NX-OS
The TACACS+ command-authorization implementation in Cisco NX-OS allows local users to cause a denial of service (device reload) via a long CLI command, aka Bug ID CSCur54182.
local
low complexity
cisco CWE-20
4.9
2015-02-02 CVE-2015-0597 Improper Input Validation vulnerability in Cisco WebEx Meetings Server
The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to enumerate administrative accounts via crafted packets, aka Bug IDs CSCuj67166 and CSCuj67159.
network
low complexity
cisco CWE-20
5.0
2015-02-02 CVE-2015-0596 Cross-Site Request Forgery (CSRF) vulnerability in Cisco WebEx Meetings Server
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj67163.
network
cisco CWE-352
6.8
2015-02-02 CVE-2015-0595 Information Exposure vulnerability in Cisco WebEx Meetings Server
The XMLAPI in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading return messages from crafted GET requests, aka Bug ID CSCuj67079.
network
low complexity
cisco CWE-200
5.0
2015-01-22 CVE-2014-8008 Information Exposure vulnerability in Cisco Unified Communications Manager
Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.
network
low complexity
cisco CWE-200
6.8
2015-01-17 CVE-2015-0590 Information Exposure vulnerability in Cisco WebEx Meeting Center
Cisco WebEx Meeting Center allows remote attackers to activate disabled meeting attributes, and consequently obtain sensitive information, by providing crafted parameters during a meeting-join action, aka Bug ID CSCuo34165.
network
low complexity
cisco CWE-200
5.0
2015-01-15 CVE-2015-0591 Resource Management Errors vulnerability in Cisco Unified Communications Domain Manager 10.0
Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to cause a denial of service (daemon hang and GUI outage) via a flood of malformed TCP packets, aka Bug ID CSCur44177.
network
low complexity
cisco CWE-399
5.0