Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-05-20 CVE-2014-3268 Improper Input Validation vulnerability in Cisco IOS and Unified Border Element
Cisco IOS 15.2(4)M4 on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service (input-queue consumption and traffic-processing outage) via crafted RTCP packets, aka Bug ID CSCuj72215.
network
low complexity
cisco CWE-20
5.0
2014-05-20 CVE-2014-3265 Cross-Site Scripting vulnerability in Cisco Security Manager 4.2
Cross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuo06900.
network
cisco CWE-79
4.3
2014-05-20 CVE-2014-3264 Unspecified vulnerability in Cisco Adaptive Security Appliance Software
Cisco Adaptive Security Appliance (ASA) Software 9.1(.5) and earlier allows remote authenticated users to cause a denial of service (device reload) via crafted attributes in a RADIUS packet, aka Bug ID CSCun69561.
network
cisco
6.3
2014-05-20 CVE-2014-2199 Information Exposure vulnerability in Cisco products
meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738.
network
low complexity
cisco CWE-200
5.0
2014-05-20 CVE-2014-2195 Improper Input Validation vulnerability in Cisco products
Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085.
network
cisco CWE-20
4.3
2014-05-20 CVE-2014-2194 Improper Input Validation vulnerability in Cisco Unified Web and E-Mail Interaction Manager 9.0(2)
system/egain/chat/entrypoint in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to have an unspecified impact by injecting a spoofed XML external entity.
network
cisco CWE-20
6.8
2014-05-20 CVE-2014-2193 Improper Input Validation vulnerability in Cisco Unified Web and E-Mail Interaction Manager
Cisco Unified Web and E-Mail Interaction Manager places session identifiers in GET requests, which allows remote attackers to inject conversation text by obtaining a valid identifier, aka Bug ID CSCuj43084.
network
cisco CWE-20
4.3
2014-05-20 CVE-2014-2192 Cross-Site Scripting vulnerability in Cisco Unified Web and E-Mail Interaction Manager 9.0(2)
Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj43033.
network
cisco CWE-79
4.3
2014-05-20 CVE-2013-6975 Path Traversal vulnerability in Cisco NX-OS
Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217.
local
low complexity
cisco CWE-22
4.6
2014-05-16 CVE-2014-3263 Improper Input Validation vulnerability in Cisco IOS 15.3(3)M/15.3M
The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to cause a denial of service (device reload) via HTTPS packets that require tower processing, aka Bug ID CSCum97038.
network
high complexity
cisco CWE-20
5.4