Filtered by vendor Cisco
Subscribe
Total
1712 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-6317 | 1 Cisco | 1 Identity Services Engine Software | 2023-12-10 | 6.8 MEDIUM | 6.5 MEDIUM |
Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926. | |||||
CVE-2016-1398 | 1 Cisco | 6 Rv110w, Rv110w Firmware, Rv130w and 3 more | 2023-12-10 | 6.8 MEDIUM | 6.5 MEDIUM |
Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware through 1.2.1.4, RV130W devices with firmware through 1.0.2.7, and RV215W devices with firmware through 1.3.0.7 allows remote authenticated users to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCux86669. | |||||
CVE-2016-6423 | 1 Cisco | 1 Ios | 2023-12-10 | 6.3 MEDIUM | 6.5 MEDIUM |
The IKEv2 client and initiator implementations in Cisco IOS 15.5(3)M and IOS XE allow remote IKEv2 servers to cause a denial of service (device reload) via crafted IKEv2 packets, aka Bug ID CSCux97540. | |||||
CVE-2016-1355 | 1 Cisco | 1 Firesight System Software | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy41687. | |||||
CVE-2016-1305 | 1 Cisco | 1 Application Policy Infrastructure Controller Enterprise Module | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511. | |||||
CVE-2016-1321 | 1 Cisco | 1 Universal Small Cell Firmware | 2023-12-10 | 5.0 MEDIUM | 5.8 MEDIUM |
Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco server, aka Bug ID CSCut98082. | |||||
CVE-2016-6395 | 1 Cisco | 1 Firesight System Software | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658. | |||||
CVE-2016-1310 | 1 Cisco | 1 Unity Connection | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 11.5(0.199) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy09033. | |||||
CVE-2016-1323 | 1 Cisco | 1 Spark | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
The REST interface in Cisco Spark 2015-06 allows remote authenticated users to obtain sensitive information via a request for an unspecified file, aka Bug ID CSCuv84048. | |||||
CVE-2016-1342 | 1 Cisco | 1 Firepower Management Center | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID CSCuy36654. | |||||
CVE-2016-1437 | 1 Cisco | 1 Prime Collaboration Deployment | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy92549. | |||||
CVE-2016-1444 | 1 Cisco | 2 Telepresence Video Communication Server, Telepresence Video Communication Server Software | 2023-12-10 | 5.8 MEDIUM | 6.5 MEDIUM |
The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601. | |||||
CVE-2016-1474 | 1 Cisco | 1 Prime Infrastructure | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuw65846, a different vulnerability than CVE-2015-6434. | |||||
CVE-2016-1300 | 1 Cisco | 1 Unity Connection | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582. | |||||
CVE-2016-6370 | 1 Cisco | 1 Hosted Collaboration Mediation Fulfillment | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a crafted pathname in an HTTP request, aka Bug ID CSCuz27255. | |||||
CVE-2016-1377 | 1 Cisco | 1 Unity Connection | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776. | |||||
CVE-2015-6423 | 1 Cisco | 1 Adaptive Security Appliance Software | 2023-12-10 | 3.5 LOW | 4.3 MEDIUM |
The DCERPC Inspection implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 through 9.5.1 allows remote authenticated users to bypass an intended DCERPC-only ACL by sending arbitrary network traffic, aka Bug ID CSCuu67782. | |||||
CVE-2016-1433 | 1 Cisco | 1 Ios Xr | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Cisco IOS XR 6.0 and 6.0.1 on NCS 6000 devices allows remote attackers to cause a denial of service (OSPFv3 process reload) via crafted OSPFv3 packets, aka Bug ID CSCuz66289. | |||||
CVE-2016-1452 | 1 Cisco | 2 Asr 5000, Asr 5000 Software | 2023-12-10 | 6.4 MEDIUM | 6.5 MEDIUM |
Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526. | |||||
CVE-2016-1423 | 1 Cisco | 1 Email Security Appliance | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could be used to facilitate a cross-site scripting (XSS) or HTML injection attack. More Information: CSCuz02235. Known Affected Releases: 8.0.2-069. Known Fixed Releases: 9.1.1-038 9.7.2-047. |