Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-08-28 | CVE-2014-3344 | Cross-Site Scripting vulnerability in Cisco Transport Gateway Installation Software 4.0 Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq31129, CSCuq31134, CSCuq31137, and CSCuq31563. | 4.3 |
2014-08-26 | CVE-2014-3335 | Improper Input Validation vulnerability in Cisco products Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet, aka Bug ID CSCup77750. | 4.6 |
2014-08-20 | CVE-2014-3340 | Path Traversal vulnerability in Cisco Webex Meetmenow Directory traversal vulnerability in an unspecified PHP script in the server in Cisco WebEx MeetMeNow allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCuo16166. | 4.0 |
2014-08-20 | CVE-2014-3331 | Improper Input Validation vulnerability in Cisco ASR 5000 Series Software The Session Manager component in Packet Data Network Gateway (aka PGW) in Cisco ASR 5000 Series Software 11.0, 12.0, 12.1, 12.2, 14.0, 15.0, 16.x through 16.1.2, and 17.0 allows remote attackers to cause a denial of service (process crash) via a crafted TCP packet, aka Bug ID CSCuo21914. | 4.3 |
2014-08-19 | CVE-2014-3341 | Information Exposure vulnerability in Cisco products The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616. | 5.0 |
2014-08-12 | CVE-2014-3339 | SQL Injection vulnerability in Cisco products Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290. | 6.5 |
2014-08-12 | CVE-2014-3337 | Improper Input Validation vulnerability in Cisco Unified Communications Domain Manager The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that is not properly handled during processing of an XML document, aka Bug ID CSCtq76428. | 6.8 |
2014-08-11 | CVE-2014-3330 | Permissions, Privileges, and Access Controls vulnerability in Cisco Nexus 9000 and Nx-Os Cisco NX-OS 6.1(2)I2(1) on Nexus 9000 switches does not properly process packet-drop policy checks for logged packets, which allows remote attackers to bypass intended access restrictions via a flood of packets matching a policy that contains the log keyword, aka Bug ID CSCuo02489. | 5.0 |
2014-08-11 | CVE-2014-3336 | SQL Injection vulnerability in Cisco Unity Connection 9.1(1)/9.1(2) SQL injection vulnerability in the web framework in Cisco Unity Connection 9.1(2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted request, aka Bug ID CSCuq31016. | 6.5 |
2014-08-11 | CVE-2014-3332 | Unspecified vulnerability in Cisco Unified Communications Manager Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029. | 4.0 |