Filtered by vendor Cisco
Subscribe
Total
6072 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-6328 | 1 Cisco | 1 Prime Collaboration Assurance | 2016-12-09 | 6.8 MEDIUM | N/A |
| The web framework in Cisco Prime Collaboration Assurance (PCA) 10.5(1) allows remote authenticated users to bypass intended access restrictions and read arbitrary files via a crafted URL, aka Bug ID CSCus88380. | |||||
| CVE-2015-6332 | 1 Cisco | 1 Prime Infrastructure | 2016-12-09 | 5.0 MEDIUM | N/A |
| Cisco Prime Infrastructure 2.2 allows remote attackers to cause a denial of service (daemon hang) by sending many SSL renegotiation requests, aka Bug ID CSCuv56830. | |||||
| CVE-2015-6331 | 1 Cisco | 1 Prime Collaboration Assurance | 2016-12-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the web framework in Cisco Prime Collaboration Assurance 10.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCus39887. | |||||
| CVE-2015-4265 | 1 Cisco | 1 Ucs B-series Blade Server Software | 2016-12-08 | 4.9 MEDIUM | N/A |
| Cisco Unified Computing System (UCS) B Blade Server Software 2.2.x before 2.2.6 allows local users to cause a denial of service (host OS or BMC hang) by sending crafted packets over the Inter-IC (I2C) bus, aka Bug ID CSCuq77241. | |||||
| CVE-2016-1298 | 1 Cisco | 1 Unified Contact Center Express | 2016-12-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via vectors related to permalinks, aka Bug ID CSCux92033. | |||||
| CVE-2016-1294 | 1 Cisco | 1 Firesight System Software | 2016-12-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Management Center in Cisco FireSIGHT System Software 6.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted cookie, aka Bug ID CSCuw89094. | |||||
| CVE-2016-1293 | 1 Cisco | 1 Firesight System Software | 2016-12-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCux40414. | |||||
| CVE-2016-1296 | 1 Cisco | 1 Web Security Appliance | 2016-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848. | |||||
| CVE-2015-6434 | 1 Cisco | 1 Prime Infrastructure | 2016-12-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCux64856. | |||||
| CVE-2015-6433 | 1 Cisco | 1 Unified Communications Manager | 2016-12-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767. | |||||
| CVE-2015-6432 | 1 Cisco | 1 Ios Xr | 2016-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service (device reload) via a crafted update, aka Bug ID CSCuw83486. | |||||
| CVE-2015-6431 | 1 Cisco | 1 Ios Xe | 2016-12-07 | 6.1 MEDIUM | 6.5 MEDIUM |
| Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405. | |||||
| CVE-2015-6429 | 1 Cisco | 2 Ios, Ios Xe | 2016-12-07 | 5.0 MEDIUM | N/A |
| The IKEv1 state machine in Cisco IOS 15.4 through 15.6 and IOS XE 3.15 through 3.17 allows remote attackers to cause a denial of service (IPsec connection termination) via a crafted IKEv1 packet to a tunnel endpoint, aka Bug ID CSCuw08236. | |||||
| CVE-2015-6428 | 1 Cisco | 1 Dpq3925 8x4 Docsis 3.0 Wireless Residential Gateway With Embedded Digital Voice Adapter | 2016-12-07 | 5.0 MEDIUM | N/A |
| Cisco DPQ3925 devices with EDVA r1 Base allow remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCuv03958. | |||||
| CVE-2015-6427 | 1 Cisco | 1 Firesight System Software | 2016-12-07 | 5.0 MEDIUM | N/A |
| Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437. | |||||
| CVE-2015-6425 | 1 Cisco | 1 Unified Communications Manager | 2016-12-07 | 5.0 MEDIUM | N/A |
| The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786. | |||||
| CVE-2015-6424 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2016-12-07 | 7.2 HIGH | N/A |
| The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspecified vectors, aka Bug ID CSCuu83985. | |||||
| CVE-2015-6422 | 1 Cisco | 1 Unified Communications Domain Manager | 2016-12-07 | 4.0 MEDIUM | N/A |
| The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed requests, aka Bug ID CSCuu10981. | |||||
| CVE-2015-6421 | 1 Cisco | 1 Wide Area Application Services | 2016-12-07 | 7.8 HIGH | 7.5 HIGH |
| cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices 5.x before 5.3.5d and 5.4 and 5.5 before 5.5.3 allows remote attackers to cause a denial of service (resource consumption and device reload) via crafted network traffic, aka Bug ID CSCus85330. | |||||
| CVE-2015-6418 | 1 Cisco | 7 Rv016 Multi-wan Vpn Firmware, Rv042 Dual Wan Vpn Router Firmware, Rv042g Dual Gigabit Wan Vpn Firmware and 4 more | 2016-12-07 | 4.3 MEDIUM | N/A |
| The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS key pair via unspecified computations upon handshake key-exchange data, aka Bug ID CSCus15224. | |||||