Total
53 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-0614 | 1 Cisco | 1 Unity Connection | 2015-09-29 | 7.1 HIGH | N/A |
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul26267. | |||||
CVE-2015-0613 | 1 Cisco | 1 Unity Connection | 2015-09-29 | 7.1 HIGH | N/A |
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul20444. | |||||
CVE-2015-0612 | 1 Cisco | 3 Unity Connection, Unity Connection 8.5, Unity Connection 8.6 | 2015-09-29 | 7.1 HIGH | N/A |
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU6, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (SIP outage) via a crafted UDP packet, aka Bug ID CSCuh25062. | |||||
CVE-2015-0616 | 1 Cisco | 1 Unity Connection | 2015-09-29 | 7.1 HIGH | N/A |
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) by improperly terminating SIP TCP connections, aka Bug ID CSCul69819. | |||||
CVE-2015-0615 | 1 Cisco | 1 Unity Connection | 2015-09-29 | 7.1 HIGH | N/A |
The call-handling implementation in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (port consumption) by improperly terminating SIP sessions, aka Bug ID CSCul28089. | |||||
CVE-2014-2145 | 1 Cisco | 1 Unity Connection | 2015-09-16 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wav files and the audio/x-wav MIME type, aka Bug ID CSCun91071. | |||||
CVE-2014-2125 | 1 Cisco | 1 Unity Connection | 2015-09-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028. | |||||
CVE-2015-0716 | 1 Cisco | 1 Unity Connection | 2015-09-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659. | |||||
CVE-2015-0715 | 1 Cisco | 1 Unity Connection | 2015-09-10 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCut33447 and CSCut33608. | |||||
CVE-2013-5534 | 1 Cisco | 1 Unity Connection | 2013-10-21 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not a valid audio file, aka Bug ID CSCuj22948. | |||||
CVE-2013-1129 | 1 Cisco | 1 Unity Connection | 2013-02-19 | 5.0 MEDIUM | N/A |
Memory leak in Cisco Unity Connection 9.x allows remote attackers to cause a denial of service (memory consumption and process crash) by sending many TCP requests, aka Bug ID CSCud59736. | |||||
CVE-2012-0366 | 1 Cisco | 1 Unity Connection | 2012-02-29 | 9.0 HIGH | N/A |
Cisco Unity Connection before 7.1.3b(Su2) allows remote authenticated users to change the administrative password by leveraging the Help Desk Administrator role, aka Bug ID CSCtd45141. | |||||
CVE-2012-0367 | 1 Cisco | 1 Unity Connection | 2012-02-29 | 7.8 HIGH | N/A |
Cisco Unity Connection before 7.1.5b(Su5), 8.0 and 8.5 before 8.5.1(Su3), and 8.6 before 8.6.2 allows remote attackers to cause a denial of service (services crash) via a series of crafted TCP segments, aka Bug ID CSCtq67899. |