Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2013-08-01 CVE-2012-3913 Denial of Service vulnerability in Cisco products
The Cisco VC220 and VC240 cameras allow remote attackers to cause a denial of service (WebUI outage) via crafted packets, aka Bug IDs CSCtf73188, CSCtf88059, CSCtf87951, CSCtf87908, and CSCtf88019.
network
low complexity
cisco
5.0
2013-07-31 CVE-2013-3425 Permissions, Privileges, and Access Controls vulnerability in Cisco Webex 11.0
The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to enumerate files via a series of SPI calls, aka Bug ID CSCuc35965.
network
low complexity
cisco CWE-264
4.0
2013-07-29 CVE-2013-3445 Permissions, Privileges, and Access Controls vulnerability in Cisco Identity Services Engine
The firewall subsystem in Cisco Identity Services Engine has an incorrect rule for open ports, which allows remote attackers to cause a denial of service (CPU consumption or process crash) via a flood of malformed IP packets, aka Bug ID CSCug94572.
network
low complexity
cisco CWE-264
5.0
2013-07-24 CVE-2013-3438 Permissions, Privileges, and Access Controls vulnerability in Cisco Unified MeetingPlace Web Conferencing
The web framework in the server in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to bypass intended access restrictions and read unspecified web pages via crafted parameters, aka Bug ID CSCuh86385.
network
low complexity
cisco CWE-264
5.0
2013-07-23 CVE-2013-3440 Cross-Site Scripting vulnerability in Cisco Unified Operations Manager
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186.
network
cisco CWE-79
4.3
2013-07-23 CVE-2013-3439 Cross-Site Scripting vulnerability in Cisco Unified Operations Manager
Cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182.
network
cisco CWE-79
4.3
2013-07-23 CVE-2013-3441 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Cisco products
Cisco Aironet 3600 access points allow remote attackers to cause a denial of service (memory corruption and device crash) by disrupting Cisco Wireless LAN Controller communication and consequently forcing many transitions from FlexConnect mode to Standalone mode, aka Bug ID CSCuh71210.
network
high complexity
cisco CWE-119
5.4
2013-07-23 CVE-2013-3437 SQL Injection vulnerability in Cisco Unified Operations Manager
SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179.
network
low complexity
cisco CWE-89
6.5
2013-07-23 CVE-2013-3435 Resource Management Errors vulnerability in Cisco products
The Cisco Unified IP Conference Station 7937G allows remote attackers to cause a denial of service (networking outage) via a flood of TCP packets, aka Bug ID CSCuh42052.
network
low complexity
cisco CWE-399
5.0
2013-07-19 CVE-2013-3436 Permissions, Privileges, and Access Controls vulnerability in Cisco IOS
The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy via certain uses of UDP port 848, aka Bug ID CSCui07698.
network
low complexity
cisco CWE-264
5.0