Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-07-19 | CVE-2014-3325 | Cross-Site Scripting vulnerability in Cisco Unified Customer Voice Portal Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733. | 4.3 |
| 2014-07-18 | CVE-2014-3323 | Path Traversal vulnerability in Cisco Unified Contact Center Enterprise Directory traversal vulnerability in Cisco Unified Contact Center Enterprise allows remote authenticated users to read arbitrary web-root files via a crafted URL, aka Bug ID CSCun25262. | 4.0 |
| 2014-07-18 | CVE-2014-3321 | Improper Input Validation vulnerability in Cisco products Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149. | 5.7 |
| 2014-07-18 | CVE-2014-3320 | Unspecified vulnerability in Cisco Unified Communications Domain Manager Multiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted URLs for unspecified scripts, aka Bug ID CSCuo48835. network cisco | 5.8 |
| 2014-07-14 | CVE-2014-3319 | Path Traversal vulnerability in Cisco Unified Communications Manager 10.0(1) Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676. | 6.8 |
| 2014-07-14 | CVE-2014-3317 | Path Traversal vulnerability in Cisco Unified Communications Manager 10.0(1) Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314. | 5.5 |
| 2014-07-14 | CVE-2013-6691 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Adaptive Security Appliance Software The WebVPN CIFS implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0(.4.1) and earlier allows remote CIFS servers to cause a denial of service (device reload) via a long share list, aka Bug ID CSCuj83344. | 6.8 |
| 2014-07-14 | CVE-2013-5567 | Resource Exhaustion vulnerability in Cisco Adaptive Security Appliance Software Cisco Adaptive Security Appliance (ASA) Software 8.4(.6) and earlier, when using an unsupported configuration with overlapping criteria for filtering and inspection, allows remote attackers to cause a denial of service (traffic loop and device crash) via a packet that triggers multiple matches, aka Bug ID CSCui45606. | 5.4 |
| 2014-07-10 | CVE-2014-3318 | Improper Input Validation vulnerability in Cisco Unified Communications Manager 10.0(1)Base Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318. | 4.0 |
| 2014-07-10 | CVE-2014-3316 | Improper Input Validation vulnerability in Cisco Unified Communications Manager 10.0(1)Base The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297. | 4.0 |