Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-03-07 | CVE-2013-1154 | Resource Management Errors vulnerability in Cisco products The Cisco Small Business 200 Series Smart Switch 1.2.7.76 and earlier, Small Business 300 Series Managed Switch 1.2.7.76 and earlier, and Small Business 500 Series Stackable Managed Switch 1.2.7.76 and earlier allow remote attackers to cause a denial of service (SSL/TLS layer outage) via malformed (1) SSH or (2) SSL packets, aka Bug ID CSCua30246. | 5.0 |
2013-03-07 | CVE-2013-1153 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Infrastructure Cross-site request forgery (CSRF) vulnerability in the web interface in Cisco Prime Infrastructure allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCue84676. | 6.8 |
2013-03-06 | CVE-2013-1140 | Information Exposure vulnerability in Cisco Security Monitoring Analysis and Response System The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093. | 4.3 |
2013-03-05 | CVE-2012-6026 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Aironet Access Point Software The HTTP Profiler on the Cisco Aironet Access Point with software 15.2 and earlier does not properly manage buffers, which allows remote attackers to cause a denial of service (device reload) via crafted HTTP requests, aka Bug ID CSCuc62460. | 6.1 |
2013-02-28 | CVE-2013-1141 | Buffer Errors vulnerability in Cisco products The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.54 and earlier does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) via crafted mDNS packets, aka Bug ID CSCue04153. | 6.1 |
2013-02-28 | CVE-2013-1124 | Cryptographic Issues vulnerability in Cisco Network Admission Control The Cisco Network Admission Control (NAC) agent on Mac OS X does not verify the X.509 certificate of an Identity Services Engine (ISE) server during an SSL session, which allows man-in-the-middle attackers to spoof ISE servers via an arbitrary certificate, aka Bug ID CSCub24309. | 5.8 |
2013-02-27 | CVE-2013-1139 | Permissions, Privileges, and Access Controls vulnerability in Cisco Cloud Portal The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCud81134. | 4.0 |
2013-02-19 | CVE-2013-1129 | Resource Management Errors vulnerability in Cisco Unity Connection Memory leak in Cisco Unity Connection 9.x allows remote attackers to cause a denial of service (memory consumption and process crash) by sending many TCP requests, aka Bug ID CSCud59736. | 5.0 |
2013-02-19 | CVE-2013-1125 | Improper Input Validation vulnerability in Cisco products The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Network Services Manager does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46058, CSCue46013, CSCue46031, CSCue46035, and CSCue46042. | 6.8 |
2013-02-15 | CVE-2013-1128 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Meetingplace Multiple cross-site request forgery (CSRF) vulnerabilities in the server in Cisco Unified MeetingPlace before 7.1(2.2000) allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuc64903. | 6.8 |