Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-09-11 | CVE-2014-5868 | Cryptographic Issues vulnerability in Cisco Technical Support 3.7.1 The Cisco Technical Support (aka com.cisco.swtg_android) application 3.7.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-10 | CVE-2014-3348 | Improper Input Validation vulnerability in Cisco products The SSH module in the Integrated Management Controller (IMC) before 2.3.1 in Cisco Unified Computing System on E-Series blade servers allows remote attackers to cause a denial of service (IMC hang) via a crafted SSH packet, aka Bug ID CSCuo69206. | 5.0 |
2014-09-10 | CVE-2014-3343 | Improper Input Validation vulnerability in Cisco IOS XR 5.1.0 Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052. | 4.3 |
2014-08-30 | CVE-2014-3352 | Improper Input Validation vulnerability in Cisco Cloud Portal Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID CSCuh84801. | 4.3 |
2014-08-29 | CVE-2014-3351 | Information Exposure vulnerability in Cisco Cloud Portal Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, aka Bug IDs CSCuh87398 and CSCuh87380. | 5.0 |
2014-08-29 | CVE-2014-3350 | Permissions, Privileges, and Access Controls vulnerability in Cisco Cloud Portal Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly implement URL redirection, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCuh84870. | 4.0 |
2014-08-29 | CVE-2014-3349 | Improper Input Validation vulnerability in Cisco Cloud Portal Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during the handling of file submission, which allows remote authenticated users to upload arbitrary files via a crafted request, aka Bug ID CSCuh87410. | 4.0 |
2014-08-29 | CVE-2014-3346 | Improper Input Validation vulnerability in Cisco Transport Gateway Installation Software 4.0 The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) does not validate an unspecified parameter, which allows remote authenticated users to cause a denial of service (service crash) via a crafted string, aka Bug ID CSCuq31819. | 6.3 |
2014-08-28 | CVE-2014-3347 | Resource Management Errors vulnerability in Cisco products Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection, leading to an invalid state of the hardware encryption module, aka Bug ID CSCul77897. | 5.4 |
2014-08-28 | CVE-2014-3345 | Permissions, Privileges, and Access Controls vulnerability in Cisco Transport Gateway Installation Software 4.0 The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 does not properly check authorization for administrative web pages, which allows remote attackers to modify the product via a crafted URL, aka Bug ID CSCuq31503. | 5.0 |