Total
107 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-6435 | 1 Cisco | 2 Firepower Extensible Operating System, Unified Computing System | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888. | |||||
CVE-2015-6355 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 5.0 MEDIUM | N/A |
The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on blade servers allows remote attackers to obtain potentially sensitive version information by visiting an unspecified URL, aka Bug ID CSCuw87226. | |||||
CVE-2014-7996 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477. | |||||
CVE-2015-0599 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 4.3 MEDIUM | N/A |
The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf50138. | |||||
CVE-2015-0633 | 1 Cisco | 19 C200 M1, C200 M2, C210 M2 and 16 more | 2024-02-28 | 6.8 MEDIUM | N/A |
The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.4(7h) and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending crafted DHCP response packets on the local network, aka Bug ID CSCuf52876. | |||||
CVE-2014-8009 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 5.0 MEDIUM | N/A |
The Management subsystem in Cisco Unified Computing System 2.1(3f) and earlier allows remote attackers to obtain sensitive information by reading log files, aka Bug ID CSCur99239. | |||||
CVE-2014-8003 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 7.2 HIGH | N/A |
Cisco Integrated Management Controller in Cisco Unified Computing System 2.2(2c)A and earlier allows local users to obtain shell access via a crafted map-nfs command, aka Bug ID CSCup05998. | |||||
CVE-2012-4085 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 5.0 MEDIUM | N/A |
The Intelligent Platform Management Interface (IPMI) implementation in the Blade Management Controller in Cisco Unified Computing System (UCS) allows remote attackers to enumerate valid usernames by observing IPMI interface responses, aka Bug ID CSCtg20761. | |||||
CVE-2012-4108 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 6.8 MEDIUM | N/A |
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-related command, aka Bug ID CSCtq86554. | |||||
CVE-2012-4073 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 5.8 MEDIUM | N/A |
The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332. | |||||
CVE-2012-4102 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 6.8 MEDIUM | N/A |
The activate firmware command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02600. | |||||
CVE-2012-4088 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 4.3 MEDIUM | N/A |
The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowledge of this password, aka Bug ID CSCtg20769. | |||||
CVE-2012-4096 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 6.2 MEDIUM | N/A |
The local file editor in the Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and modify arbitrary fabric-interconnect files, in the context of a vi process, via unspecified commands, aka Bug ID CSCtn06574. | |||||
CVE-2013-5550 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 4.6 MEDIUM | N/A |
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via crafted command parameters that trigger hardware-component write operations, aka Bug ID CSCtq86549. | |||||
CVE-2012-4110 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 6.8 MEDIUM | N/A |
run-script in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86560. | |||||
CVE-2012-4078 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 8.5 HIGH | N/A |
The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape sequences, which allows remote authenticated users to bypass an unspecified authentication step via SSH port forwarding, aka Bug ID CSCtg17656. | |||||
CVE-2012-4114 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 5.8 MEDIUM | N/A |
The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72949. | |||||
CVE-2012-4083 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 4.0 MEDIUM | N/A |
Multiple buffer overflows in the administrative web interface in Cisco Unified Computing System (UCS) allow remote authenticated users to cause a denial of service (memory corruption and session termination) via long string values for unspecified parameters, aka Bug ID CSCtg20751. | |||||
CVE-2012-4112 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 6.8 MEDIUM | N/A |
The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted command parameters within the command-line interface, aka Bug ID CSCtr43330. | |||||
CVE-2012-4107 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 4.6 MEDIUM | N/A |
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted parameters to a file-related command, aka Bug ID CSCtq86489. |