Vulnerabilities > SUN
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-01 | CVE-2021-43358 | Unspecified vulnerability in SUN Ehrd 8/9 Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files. | 7.5 |
| 2020-03-27 | CVE-2020-10510 | Incorrect Authorization vulnerability in SUN Ehrd 8/9 Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. | 6.5 |
| 2020-03-27 | CVE-2020-10509 | Cross-site Scripting vulnerability in SUN Ehrd 8.0/9.0 Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack. | 6.1 |
| 2020-03-27 | CVE-2020-10508 | Unspecified vulnerability in SUN Ehrd 8/9 Sunnet eHRD, a human training and development management system, improperly stores system files. | 7.5 |
| 2016-04-06 | CVE-2016-1291 | Improper Input Validation vulnerability in multiple products Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192. | 9.8 |
| 2016-04-06 | CVE-2016-1290 | Permissions, Privileges, and Access Controls vulnerability in multiple products The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227. | 8.1 |
| 2016-04-06 | CVE-2015-6313 | Resource Management Errors vulnerability in multiple products Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565. | 7.5 |
| 2016-03-28 | CVE-2016-1314 | Cross-site Scripting vulnerability in SUN Opensolaris Snv124 Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (CDM) 8.1(1) allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux80760. | 6.1 |
| 2016-03-26 | CVE-2016-1350 | Resource Management Errors vulnerability in multiple products Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293. | 7.5 |
| 2016-03-26 | CVE-2016-1349 | Resource Management Errors vulnerability in multiple products The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410. | 7.5 |