Vulnerabilities > Cisco > Unity Connection > 10.5.2.3009

DATE CVE VULNERABILITY TITLE RISK
2016-04-21 CVE-2015-6360 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products
The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.
network
low complexity
cisco CWE-119
7.5
7.5
2016-04-12 CVE-2016-1377 Cross-site Scripting vulnerability in Cisco Unity Connection
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776.
network
cisco CWE-79
4.3
4.3
2016-01-30 CVE-2016-1304 Cross-site Scripting vulnerability in Cisco Unity Connection 10.5(2.3009)
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596.
network
cisco CWE-79
4.3
4.3
2016-01-27 CVE-2016-1300 Cross-site Scripting vulnerability in Cisco Unity Connection 10.5(2.3009)
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582.
network
cisco CWE-79
4.3
4.3