Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-04-04 | CVE-2014-2115 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Emergency Responder 1.1 Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun24250. | 6.8 |
2014-04-04 | CVE-2014-2114 | Cross-Site Scripting vulnerability in Cisco Emergency Responder 1.1 Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384. | 4.3 |
2014-04-02 | CVE-2014-2138 | Improper Input Validation vulnerability in Cisco Security Manager CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349. | 4.3 |
2014-04-02 | CVE-2014-2137 | Improper Input Validation vulnerability in Cisco products CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002. | 4.3 |
2014-04-02 | CVE-2014-2125 | Cross-Site Scripting vulnerability in Cisco Unity Connection 8.6/8.6(1A)/8.6(2A) Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028. | 4.3 |
2014-03-29 | CVE-2014-2131 | Resource Management Errors vulnerability in Cisco IOS The packet driver in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a series of (1) Virtual Switching Systems (VSS) or (2) Bidirectional Forwarding Detection (BFD) packets, aka Bug IDs CSCug41049 and CSCue61890. | 6.1 |
2014-03-27 | CVE-2014-2118 | Cross-Site Scripting vulnerability in Cisco Prime Security Manager Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun50687. | 4.3 |
2014-03-21 | CVE-2014-0708 | Information Exposure vulnerability in Cisco Webex Meeting Center WebEx Meeting Center in Cisco WebEx Business Suite does not properly compose URLs for HTTP GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) a browser's history, aka Bug ID CSCul98272. | 5.0 |
2014-03-19 | CVE-2014-2122 | Improper Input Validation vulnerability in Cisco Hosted Collaboration Solution Memory leak in the GUI in the Impact server in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka Bug ID CSCub58999. | 5.0 |
2014-03-19 | CVE-2014-2121 | Improper Input Validation vulnerability in Cisco Hosted Collaboration Solution The Java-based software in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (closing of TCP ports) via unspecified vectors, aka Bug IDs CSCug77633, CSCug77667, CSCug78266, CSCug82795, and CSCuh58643. | 5.0 |