Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2012-08-06 CVE-2012-2490 Improper Input Validation vulnerability in Cisco IP Communicator 8.6
Cisco IP Communicator 8.6 allows man-in-the-middle attackers to modify the Certificate Trust List via unspecified vectors, aka Bug ID CSCtz01471.
network
low complexity
cisco CWE-20
5.0
2012-08-06 CVE-2012-1342 Incorrect Authorization vulnerability in Cisco Carrier Routing System 3.9.0/4.0.0/4.1.0
Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote attackers to bypass ACL entries via fragmented packets, aka Bug ID CSCtj10975.
network
low complexity
cisco CWE-863
5.0
2012-08-06 CVE-2012-1340 Buffer Errors vulnerability in Cisco MDS 9000 NX-OS 4.2/5.2
The Fibre Channel over IP (FCIP) implementation in Cisco MDS NX-OS 4.2 and 5.2 on MDS 9000 series switches allows remote attackers to cause a denial of service (module reload) via a crafted FCIP header, aka Bug ID CSCtn93151.
network
low complexity
cisco CWE-119
5.0
2012-08-06 CVE-2012-1339 Buffer Errors vulnerability in Cisco Unified Computing System Infrastructure and Unified Computing System Software 2.0(1Q)
The Fabric Interconnect component in Cisco Unified Computing System (UCS) 2.0 allows remote attackers to cause a denial of service (process crash) via an attempted SSH session, aka Bug ID CSCtt94543.
network
low complexity
cisco CWE-119
5.0
2012-08-06 CVE-2012-1338 Race Condition vulnerability in Cisco products
Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664.
network
cisco CWE-362
6.3
2012-08-06 CVE-2012-1367 Improper Input Validation vulnerability in Cisco IOS
The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (Route Processor crash) via a BGP UPDATE message with a modified local-preference (aka LOCAL_PREF) attribute length, aka Bug ID CSCtq06538.
network
low complexity
cisco CWE-20
5.0
2012-08-06 CVE-2012-1365 Unspecified vulnerability in Cisco Unified Computing System Infrastructure and Unified Computing System Software 1.4(1J)/2.0(1Q)
Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote authenticated users to cause a denial of service (device reload) via a malformed SNMP request to a Fabric Interconnect (FI) device, aka Bug ID CSCts32463.
network
low complexity
cisco
4.0
2012-08-06 CVE-2012-1364 Unspecified vulnerability in Cisco Unified Computing System Infrastructure and Unified Computing System Software 1.4(1J)/2.0(1Q)
Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote authenticated users to cause a denial of service (device reload) via a malformed SNMP request to a Fabric Interconnect (FI) device, aka Bug ID CSCts32452.
network
low complexity
cisco
4.0
2012-06-20 CVE-2012-2496 Improper Input Validation vulnerability in Cisco AnyConnect Secure Mobility Client 3.0
A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web site, aka Bug ID CSCty45925.
network
cisco CWE-20
6.8
2012-06-20 CVE-2012-2495 Improper Input Validation vulnerability in Cisco AnyConnect Secure Mobility Client and Secure Desktop
The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235.
network
cisco CWE-20
4.3