Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2013-04-16 CVE-2013-1197 Improper Input Validation vulnerability in Cisco Unified Presence
The XML parser in the server in Cisco Unified Presence (CUP) allows remote authenticated users to cause a denial of service (jabberd daemon crash) via crafted XML content in an XMPP message, aka Bug ID CSCue13912.
network | low complexity | cisco CWE-20 | Risk: 6.8
2013-04-16 CVE-2013-1187 Improper Input Validation vulnerability in Cisco Jabber Extensible Communications Platform
The Connection Manager in Cisco Jabber Extensible Communications Platform (aka Jabber XCP) does not properly validate login data, which allows remote attackers to cause a denial of service (service crash) by sending a series of malformed login packets, aka Bug ID CSCts76762.
network | low complexity | cisco CWE-20 | Risk: 5.0
2013-04-16 CVE-2012-5415 Race Condition vulnerability in Cisco products
Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for secondary flows, aka Bug IDs CSCue31622 and CSCuc71272.
network | high complexity | cisco CWE-362 | Risk: 5.4
2013-04-11 CVE-2013-1189 Improper Input Validation vulnerability in Cisco Ubr10012
Cisco Universal Broadband (aka uBR) 10000 series routers, when an IPv4/IPv6 dual-stack modem is used, allow remote attackers to cause a denial of service (routing-engine reload) via unspecified changes to IP address assignments, aka Bug ID CSCue15313.
Risk: 5.7
2013-04-11 CVE-2013-1173 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Cisco Anyconnect Secure Mobility Client
Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14143.
local | cisco CWE-119 | Risk: 6.6
2013-04-11 CVE-2013-1172 Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client
The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14153.
local | cisco CWE-20 | Risk: 6.6
2013-04-05 CVE-2013-1174 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Cisco Hosted Collaboration Solution
Cisco Tivoli Business Service Manager (TBSM) in Hosted Collaboration Mediation (HCM) in Cisco Hosted Collaboration Solution allows remote attackers to cause a denial of service (temporary service hang) by sending many TCP packets to certain ports, aka Bug ID CSCue03703.
network | low complexity | cisco CWE-119 | Risk: 5.0
2013-04-01 CVE-2013-1171 Cross-Site Scripting vulnerability in Cisco Connected Grid Network Management System
Multiple cross-site scripting (XSS) vulnerabilities in the element-list implementation in Cisco Connected Grid Network Management System (CG-NMS) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCue14517, CSCue38914, CSCue38884, CSCue38882, CSCue38881, CSCue38872, CSCue38868, CSCue38866, CSCue38853, and CSCue14540.
network | cisco CWE-79 | Risk: 4.3
2013-03-26 CVE-2013-1162 Improper Input Validation vulnerability in Cisco IOS XR
The traffic engineering (TE) processing subsystem in Cisco IOS XR allows remote attackers to cause a denial of service (process restart) via crafted TE packets, aka Bug ID CSCue04000.
network | low complexity | cisco CWE-20 | Risk: 5.0
2013-03-26 CVE-2013-1161 Improper Input Validation vulnerability in Cisco Jabber IM
The XML parser in the Cisco Jabber IM application for Android allows remote authenticated users to cause a denial of service (blocked connection) by leveraging an entry on a Buddy list and sending a crafted XMPP presence update message, aka Bug ID CSCue38383.
network | cisco CWE-20 | Risk: 6.3