Cisco CVE - CVE Search - CVE Details

Filtered by vendor Cisco Subscribe

Total 5838 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2015-6307	1 Cisco	1 Firepower	2015-09-29	6.1 MEDIUM	N/A
Cisco FirePOWER (formerly Sourcefire) 7000 and 8000 devices with software 5.4.0.1 allow remote attackers to cause a denial of service (inspection-engine outage) via crafted packets, aka Bug ID CSCuu10871.
CVE-2015-6303	1 Cisco	1 Spark	2015-09-24	4.3 MEDIUM	N/A
The Cisco Spark application 2015-07-04 for mobile operating systems does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCut36742 and CSCut36844.
CVE-2015-0581	1 Cisco	1 Prime Service Catalog	2015-09-17	7.5 HIGH	N/A
The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, as demonstrated by reading private keys, related to an XML External Entity (XXE) issue, aka Bug ID CSCup92880.
CVE-2014-3266	1 Cisco	1 Security Manager	2015-09-16	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun65189.
CVE-2014-3275	1 Cisco	1 Identity Services Engine Software	2015-09-16	6.5 MEDIUM	N/A
SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337.
CVE-2014-2186	1 Cisco	1 Webex Meetings Server	2015-09-16	6.8 MEDIUM	N/A
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj81777.
CVE-2014-2192	1 Cisco	1 Unified Web And E-mail Interaction Manager	2015-09-16	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj43033.
CVE-2014-2145	1 Cisco	1 Unity Connection	2015-09-16	4.0 MEDIUM	N/A
Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wav files and the audio/x-wav MIME type, aka Bug ID CSCun91071.
CVE-2014-2125	1 Cisco	1 Unity Connection	2015-09-16	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028.
CVE-2014-2118	1 Cisco	1 Prime Security Manager	2015-09-16	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun50687.
CVE-2014-2120	1 Cisco	1 Adaptive Security Appliance Software	2015-09-16	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025.
CVE-2014-2116	1 Cisco	1 Emergency Responder	2015-09-16	4.3 MEDIUM	N/A
Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject web pages and modify dynamic content via unspecified parameters, aka Bug ID CSCun37882.
CVE-2014-2115	1 Cisco	1 Emergency Responder	2015-09-16	6.8 MEDIUM	N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun24250.
CVE-2014-2117	1 Cisco	1 Emergency Responder	2015-09-16	4.3 MEDIUM	N/A
Multiple open redirect vulnerabilities in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters, aka Bug ID CSCun37909.
CVE-2014-2114	1 Cisco	1 Emergency Responder	2015-09-16	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384.
CVE-2014-2104	1 Cisco	1 Unified Communications Domain Manager	2015-09-16	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536, CSCum78526, CSCum69809, and CSCum63113.
CVE-2014-0735	1 Cisco	1 Unified Communications Manager	2015-09-16	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470.
CVE-2014-0734	1 Cisco	1 Unified Communications Manager	2015-09-16	7.5 HIGH	N/A
SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483.
CVE-2014-0726	1 Cisco	1 Unified Communications Manager	2015-09-16	7.5 HIGH	N/A
SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326.
CVE-2014-0727	1 Cisco	1 Unified Communications Manager	2015-09-16	7.5 HIGH	N/A
SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318.

Vulnerabilities (CVE)