Cisco vulnerabilities: Medium risk

DATE CVE VULNERABILITY TITLE RISK
2014-12-13 CVE-2014-3364 Cross-Site Scripting vulnerability in Cisco Prime Security Manager
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Prime Security Manager (aka PRSM) 9.2.1-2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) Access Policies or (2) Device Summary Dashboard parameter, aka Bug ID CSCuq80661.
network
cisco CWE-79
4.3
2014-12-10 CVE-2014-8010 Improper Input Validation vulnerability in Cisco Unified Communications Domain Manager 8.0
The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205.
network
low complexity
cisco CWE-20
6.5
2014-12-10 CVE-2014-8009 Information Exposure vulnerability in Cisco Unified Computing System
The Management subsystem in Cisco Unified Computing System 2.1(3f) and earlier allows remote attackers to obtain sensitive information by reading log files, aka Bug ID CSCur99239.
network
low complexity
cisco CWE-200
5.0
2014-11-28 CVE-2014-3407 Resource Exhaustion vulnerability in Cisco Adaptive Security Appliance Software
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888.
network
low complexity
cisco CWE-400
5.0
2014-11-26 CVE-2014-8005 Race Condition vulnerability in Cisco IOS XR
Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239.
network
low complexity
cisco CWE-362
5.0
2014-11-25 CVE-2014-8004 Resource Management Errors vulnerability in Cisco IOS XR
Cisco IOS XR allows remote attackers to cause a denial of service (LISP process reload) by establishing many LISP TCP sessions, aka Bug ID CSCuq90378.
network
low complexity
cisco CWE-399
5.0
2014-11-21 CVE-2014-8000 Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1)
Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497.
network
low complexity
cisco CWE-264
5.0
2014-11-18 CVE-2014-7996 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Computing System
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477.
network
cisco CWE-352
6.8
2014-11-18 CVE-2014-7992 Information Exposure vulnerability in Cisco IOS
The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014.
network
low complexity
cisco CWE-200
5.0
2014-11-15 CVE-2014-7997 Resource Management Errors vulnerability in Cisco IOS
The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by triggering a transition into a recovery state that was intended to involve a network-interface restart but actually involves a full device restart, aka Bug ID CSCtn16281.
low complexity
cisco CWE-399
6.1