Filtered by vendor Cisco
Subscribe
Total
6186 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4295 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 4.0 MEDIUM | N/A |
| The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819. | |||||
| CVE-2015-4294 | 1 Cisco | 1 Unified Communications Manager Im And Presence Service | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766. | |||||
| CVE-2015-4293 | 1 Cisco | 1 Ios Xe | 2024-11-21 | 5.0 MEDIUM | N/A |
| The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after reassembly failures, aka Bug ID CSCuo37957. | |||||
| CVE-2015-4292 | 1 Cisco | 1 Prime Central For Hosted Collaboration Solution Assurance | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the management interface in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuv45818. | |||||
| CVE-2015-4291 | 1 Cisco | 1 Ios Xe | 2024-11-21 | 7.8 HIGH | N/A |
| Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617. | |||||
| CVE-2015-4290 | 2 Apple, Cisco | 2 Mac Os X, Anyconnect Secure Mobility Client | 2024-11-21 | 4.9 MEDIUM | N/A |
| The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID CSCut12255. | |||||
| CVE-2015-4289 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2024-11-21 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSCut93920. | |||||
| CVE-2015-4288 | 1 Cisco | 3 Content Security Management Appliance, Email Security Appliance, Web Security Appliance | 2024-11-21 | 4.3 MEDIUM | N/A |
| The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470. | |||||
| CVE-2015-4287 | 1 Cisco | 1 Firepower Extensible Operating System | 2024-11-21 | 5.0 MEDIUM | N/A |
| Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230. | |||||
| CVE-2015-4286 | 1 Cisco | 1 Unified Computing System Central Software | 2024-11-21 | 5.0 MEDIUM | N/A |
| The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377. | |||||
| CVE-2015-4285 | 1 Cisco | 1 Ios Xr | 2024-11-21 | 5.0 MEDIUM | N/A |
| The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial of service (resource consumption) by sending traffic to these ports continuously, aka Bug ID CSCur88273. | |||||
| CVE-2015-4284 | 1 Cisco | 7 Asr 9001, Asr 9006, Asr 9010 and 4 more | 2024-11-21 | 5.0 MEDIUM | N/A |
| The Concurrent Data Management Replication process in Cisco IOS XR 5.3.0 on ASR 9000 devices allows remote attackers to cause a denial of service (BGP process reload) via malformed BGPv4 packets, aka Bug ID CSCur70670. | |||||
| CVE-2015-4283 | 1 Cisco | 1 Videoscape Policy Resource Manager | 2024-11-21 | 7.8 HIGH | N/A |
| Cisco Videoscape Policy Resource Manager (PRM) 3.5.4 allows remote attackers to cause a denial of service (CPU and memory consumption, and TCP service outage) via (1) a SYN flood or (2) another type of TCP traffic flood, aka Bug IDs CSCuu35104 and CSCuu35128. | |||||
| CVE-2015-4282 | 1 Cisco | 1 Mobility Services Engine | 2024-11-21 | 6.9 MEDIUM | N/A |
| Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID CSCuv40504. | |||||
| CVE-2015-4281 | 1 Cisco | 1 Webex Meetings Server | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146. | |||||
| CVE-2015-4280 | 1 Cisco | 1 Prime Collaboration | 2024-11-21 | 5.0 MEDIUM | N/A |
| Cisco Prime Collaboration Assurance 10.0 allows remote attackers to cause a denial of service (HTTP service outage) via a crafted HTTP request, aka Bug ID CSCum38844. | |||||
| CVE-2015-4279 | 1 Cisco | 1 Unified Computing System | 2024-11-21 | 7.2 HIGH | N/A |
| The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778. | |||||
| CVE-2015-4278 | 1 Cisco | 1 Email Security Appliance Firmware | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC policy data in DNS TXT records for a domain, aka Bug ID CSCuv14806. | |||||
| CVE-2015-4277 | 1 Cisco | 12 Nexus 93120tx, Nexus 93128tx, Nexus 9332pq and 9 more | 2024-11-21 | 4.9 MEDIUM | N/A |
| The global-configuration implementation on Cisco ASR 9000 devices with software 5.1.3 and 5.3.0 improperly closes vty sessions after a commit/end operation, which allows local users to cause a denial of service (tmp/*config file creation, memory consumption, and device hang) via unspecified vectors, aka Bug ID CSCut93842. | |||||
| CVE-2015-4276 | 1 Cisco | 1 Webex Meetings Server | 2024-11-21 | 6.5 MEDIUM | N/A |
| Cisco WebEx Meetings Server 2.5MR1 allows remote authenticated users to execute arbitrary code via a crafted command parameter, aka Bug ID CSCus56138. | |||||