Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-07-10 | CVE-2014-3315 | Cross-Site Scripting vulnerability in Cisco Unified Communications Manager 10.0(1)Base Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308. | 4.3 |
| 2014-07-10 | CVE-2014-3311 | Buffer Errors vulnerability in Cisco Webex Meeting Center and Webex Meetings Server Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467. | 5.1 |
| 2014-07-10 | CVE-2014-3310 | Improper Input Validation vulnerability in Cisco Webex Meeting Center and Webex Meetings Server The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463. | 4.3 |
| 2014-07-09 | CVE-2014-3313 | Cross-Site Scripting vulnerability in Cisco products Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582. | 4.3 |
| 2014-07-09 | CVE-2014-3312 | Improper Authentication vulnerability in Cisco products The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435. | 6.9 |
| 2014-07-09 | CVE-2014-3309 | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS and IOS XE The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318. | 5.0 |
| 2014-07-07 | CVE-2014-3308 | Improper Input Validation vulnerability in Cisco products Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka Bug ID CSCun83985. | 6.4 |
| 2014-07-02 | CVE-2014-3307 | Remote Arbitrary Command Execution vulnerability in Cisco Small Cell DHCP Message Processing The DHCP client implementation in Universal Small Cell firmware on Cisco Small Cell products allows remote attackers to execute arbitrary commands via crafted DHCP messages, aka Bug ID CSCup47513. high complexity cisco | 6.8 |
| 2014-07-02 | CVE-2014-3298 | Credentials Management vulnerability in Cisco Cloud Portal Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML source code, aka Bug ID CSCui36976. | 4.0 |
| 2014-07-02 | CVE-2014-3297 | Permissions, Privileges, and Access Controls vulnerability in Cisco Cloud Portal Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not properly restrict the content of MyServices action URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug IDs CSCui36937, CSCui37004, and CSCui36927. | 4.0 |