Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-01-15 | CVE-2015-0588 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager 10.0 Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055. | 6.8 |
| 2015-01-15 | CVE-2014-8034 | Credentials Management vulnerability in Cisco Webex Meetings Server 1.5 Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing usernames, aka Bug ID CSCuj40321. | 5.0 |
| 2015-01-15 | CVE-2014-8022 | Cross-site Scripting vulnerability in Cisco Identity Services Engine Software Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity Services Engine allow remote attackers to inject arbitrary web script or HTML via input to unspecified web pages, aka Bug IDs CSCur69835 and CSCur69776. | 4.3 |
| 2015-01-14 | CVE-2015-0583 | Information Exposure vulnerability in Cisco Webex Meeting Center Cisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281. | 5.0 |
| 2015-01-14 | CVE-2015-0579 | Resource Management Errors vulnerability in Cisco Telepresence Video Communication Server Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway allow remote attackers to cause a denial of service (memory and CPU consumption, and partial outage) via crafted SIP packets, aka Bug ID CSCur12473. | 5.0 |
| 2015-01-14 | CVE-2015-0577 | Cross-site Scripting vulnerability in Cisco Asyncos Multiple cross-site scripting (XSS) vulnerabilities in the IronPort Spam Quarantine (ISQ) page in Cisco AsyncOS, as used on the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA), allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCus22925 and CSCup08113. | 4.3 |
| 2015-01-14 | CVE-2014-3314 | Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka Bug IDs CSCuo24931 and CSCuo24940. | 5.0 |
| 2015-01-10 | CVE-2015-0582 | Improper Input Validation vulnerability in Cisco Nx-Os The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 devices allows remote attackers to cause a denial of service via crafted traffic, aka Bug ID CSCuo09129. | 5.0 |
| 2015-01-10 | CVE-2014-8036 | Improper Input Validation vulnerability in Cisco Webex Meetings Server The outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which allows remote attackers to modify a meeting's invite list via a crafted URL, aka Bug ID CSCuj40254. | 5.0 |
| 2015-01-10 | CVE-2014-8035 | Information Exposure vulnerability in Cisco Webex Meetings Server The web framework in Cisco WebEx Meetings Server produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCuj40247. | 5.0 |