Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-12-23 | CVE-2014-8025 | Information Exposure vulnerability in Cisco Jabber Guest The API in the Guest Server in Cisco Jabber, when HTML5 is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST response, aka Bug ID CSCus19801. | 4.3 |
| 2014-12-23 | CVE-2014-8024 | Information Exposure vulnerability in Cisco Jabber Guest The API in the Guest Server in Cisco Jabber, when the HTML5 CORS feature is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST request, aka Bug ID CSCus19789. | 4.3 |
| 2014-12-22 | CVE-2014-8018 | Cross-Site Scripting vulnerability in Cisco Unified Communications Domain Manager 8.0 Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCur19651, CSCur18555, CSCur19630, and CSCur19661. | 4.3 |
| 2014-12-22 | CVE-2014-8017 | Information Exposure vulnerability in Cisco Identity Services Engine Software The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673. | 5.0 |
| 2014-12-22 | CVE-2014-8015 | Permissions, Privileges, and Access Controls vulnerability in Cisco Identity Services Engine Software The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's guest account via a modified HTTP request, aka Bug ID CSCur64400. | 4.0 |
| 2014-12-20 | CVE-2014-8019 | Path Traversal vulnerability in Cisco Enterprise Content Delivery System Directory traversal vulnerability in Cisco Enterprise Content Delivery System (ECDS) allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCuo90148. | 5.0 |
| 2014-12-20 | CVE-2014-8007 | Information Exposure vulnerability in Cisco Prime Infrastructure Cisco Prime Infrastructure allows remote authenticated users to read device-discovery passwords by examining the HTML source code of the Quick Discovery options page, aka Bug ID CSCum00019. | 4.0 |
| 2014-12-19 | CVE-2014-8016 | Resource Management Errors vulnerability in Cisco Ironport Email Security Appliances The Cisco IronPort Email Security Appliance (ESA) allows remote attackers to cause a denial of service (CPU consumption) via long Subject headers in e-mail messages, aka Bug ID CSCzv93864. | 5.0 |
| 2014-12-18 | CVE-2014-8014 | Data Processing Errors vulnerability in Cisco IOS XR Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCub63710. | 5.0 |
| 2014-12-17 | CVE-2014-8006 | Improper Authentication vulnerability in Cisco Isb8320-E High-Definition Ip-Only DVR The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka Bug ID CSCup85422. | 4.3 |