Cisco vulnerabilities, medium risk

DATE CVE VULNERABILITY TITLE RISK
2014-05-26 CVE-2014-3275 SQL Injection vulnerability in Cisco Identity Services Engine Software
SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337.
network
low complexity
cisco CWE-89
6.5
2014-05-26 CVE-2014-3274 Cryptographic Issues vulnerability in Cisco Telepresence System Software
Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to block HTTPS traffic, aka Bug ID CSCuj26326.
network
cisco CWE-310
4.3
2014-05-26 CVE-2014-3272 Improper Input Validation vulnerability in Cisco Tidal Enterprise Scheduler
The Agent in Cisco Tidal Enterprise Scheduler (TES) 6.1 and earlier allows local users to gain privileges via crafted Tidal Job Buffers (TJB) parameters, aka Bug ID CSCuo33074.
local
high complexity
cisco CWE-20
6.0
2014-05-26 CVE-2014-3267 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Security Manager
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make unspecified changes, aka Bug ID CSCuo46427.
network
cisco CWE-352
6.8
2014-05-26 CVE-2014-3266 Cross-Site Scripting vulnerability in Cisco Security Manager
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun65189.
network
cisco CWE-79
4.3
2014-05-25 CVE-2014-3284 Improper Input Validation vulnerability in Cisco products
Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180.
low complexity
cisco CWE-20
6.1
2014-05-20 CVE-2014-3273 Improper Input Validation vulnerability in Cisco IOS
The LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282.
low complexity
cisco CWE-20
6.1
2014-05-20 CVE-2014-3271 Improper Input Validation vulnerability in Cisco IOS XR
The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug IDs CSCum85558, CSCum20949, CSCul61849, and CSCul71149.
network
low complexity
cisco CWE-20
5.0
2014-05-20 CVE-2014-3270 Improper Input Validation vulnerability in Cisco IOS XR
The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (process hang) via a malformed packet, aka Bug ID CSCul80924.
network
low complexity
cisco CWE-20
5.0
2014-05-20 CVE-2014-3269 Improper Input Validation vulnerability in Cisco IOS XE 3.5E
The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204.
network
low complexity
cisco CWE-20
6.8