Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2013-09-20 | CVE-2013-5501 | Cross-Site Scripting vulnerability in Cisco MediaSense | Cross-site scripting (XSS) vulnerability in the oraservice page in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj23328. | 4.3 |
2013-09-20 | CVE-2013-5500 | Cross-Site Scripting vulnerability in Cisco MediaSense | Multiple cross-site scripting (XSS) vulnerabilities in the oraadmin service page in Cisco MediaSense allow remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuj23320, CSCuj23324, CSCuj23333, and CSCuj23338. | 4.3 |
2013-09-20 | CVE-2013-1130 | Permissions, Privileges, and Access Controls vulnerability in Cisco AnyConnect Secure Mobility Client | Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619. | 6.8 |
2013-09-20 | CVE-2012-4093 | Improper Input Validation vulnerability in Cisco Unified Computing System | The Manager component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via an invalid Smart Call Home contact address, aka Bug ID CSCtl00186. | 4.6 |
2013-09-20 | CVE-2012-4083 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Cisco Unified Computing System | Multiple buffer overflows in the administrative web interface in Cisco Unified Computing System (UCS) allow remote authenticated users to cause a denial of service (memory corruption and session termination) via long string values for unspecified parameters, aka Bug ID CSCtg20751. | 4.0 |
2013-09-20 | CVE-2012-4074 | Credentials Management vulnerability in Cisco Unified Computing System | The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obtain sensitive information or modify the data stream by leveraging knowledge of this key, aka Bug ID CSCte90338. | 5.8 |
2013-09-20 | CVE-2012-4073 | Cryptographic Issues vulnerability in Cisco Unified Computing System | The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332. | 5.8 |
2013-09-20 | CVE-2012-4072 | Improper Input Validation vulnerability in Cisco Unified Computing System | The KVM subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers, and read keyboard and mouse events, by leveraging knowledge of this certificate's private key, aka Bug ID CSCte90327. | 4.3 |
2013-09-19 | CVE-2013-5497 | Improper Authentication vulnerability in Cisco Intrusion Prevention System | The authentication manager process in the web framework in Cisco Intrusion Prevention System (IPS) does not properly handle user tokens, which allows remote attackers to cause a denial of service (intermittent MainApp hang) via a crafted management-interface connection request, aka Bug ID CSCuf20148. | 4.3 |
2013-09-19 | CVE-2013-1121 | Resource Management Errors vulnerability in Cisco NX-OS | The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554. | 5.4 |