Cross-site scripting (XSS) vulnerability in the Guest Server in Cisco Jabber allows remote attackers to inject arbitrary web script or HTML via a (1) GET or (2) POST parameter, aka Bug ID CSCus08074.
Max CVSS
4.3
EPSS Score
0.22%
Published
2014-12-23
Updated
2017-01-03
The API in the Guest Server in Cisco Jabber, when HTML5 is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST response, aka Bug ID CSCus19801.
Max CVSS
4.3
EPSS Score
0.32%
Published
2014-12-23
Updated
2017-01-03
The API in the Guest Server in Cisco Jabber, when the HTML5 CORS feature is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST request, aka Bug ID CSCus19789.
Max CVSS
4.3
EPSS Score
0.32%
Published
2014-12-23
Updated
2017-01-03
Directory traversal vulnerability in Cisco Enterprise Content Delivery System (ECDS) allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCuo90148.
Max CVSS
5.0
EPSS Score
0.34%
Published
2014-12-20
Updated
2017-01-03
Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCur19651, CSCur18555, CSCur19630, and CSCur19661.
Max CVSS
4.3
EPSS Score
0.19%
Published
2014-12-22
Updated
2017-01-03
The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673.
Max CVSS
5.0
EPSS Score
0.28%
Published
2014-12-22
Updated
2017-01-03
The Cisco IronPort Email Security Appliance (ESA) allows remote attackers to cause a denial of service (CPU consumption) via long Subject headers in e-mail messages, aka Bug ID CSCzv93864.
Max CVSS
5.0
EPSS Score
0.19%
Published
2014-12-19
Updated
2014-12-19
The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's guest account via a modified HTTP request, aka Bug ID CSCur64400.
Max CVSS
4.0
EPSS Score
0.08%
Published
2014-12-22
Updated
2017-01-03
Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCub63710.
Max CVSS
5.0
EPSS Score
0.19%
Published
2014-12-18
Updated
2017-01-03
Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via crafted attributes in a cookie, aka Bug ID CSCuh24695.
Max CVSS
4.3
EPSS Score
0.14%
Published
2014-12-18
Updated
2023-08-11
The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205.
Max CVSS
6.5
EPSS Score
0.18%
Published
2014-12-10
Updated
2017-01-03
The Management subsystem in Cisco Unified Computing System 2.1(3f) and earlier allows remote attackers to obtain sensitive information by reading log files, aka Bug ID CSCur99239.
Max CVSS
5.0
EPSS Score
0.26%
Published
2014-12-10
Updated
2015-01-24
Cisco Prime Infrastructure allows remote authenticated users to read device-discovery passwords by examining the HTML source code of the Quick Discovery options page, aka Bug ID CSCum00019.
Max CVSS
4.0
EPSS Score
0.10%
Published
2014-12-20
Updated
2017-01-03
The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka Bug ID CSCup85422.
Max CVSS
4.3
EPSS Score
0.15%
Published
2014-12-17
Updated
2014-12-17
Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239.
Max CVSS
5.0
EPSS Score
1.36%
Published
2014-11-26
Updated
2017-09-08
Cisco IOS XR allows remote attackers to cause a denial of service (LISP process reload) by establishing many LISP TCP sessions, aka Bug ID CSCuq90378.
Max CVSS
5.0
EPSS Score
0.56%
Published
2014-11-25
Updated
2017-09-08
Cisco Integrated Management Controller in Cisco Unified Computing System 2.2(2c)A and earlier allows local users to obtain shell access via a crafted map-nfs command, aka Bug ID CSCup05998.
Max CVSS
7.2
EPSS Score
0.04%
Published
2014-12-10
Updated
2015-01-24
Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file.
Max CVSS
7.5
EPSS Score
8.18%
Published
2014-11-25
Updated
2014-11-26
Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file.
Max CVSS
7.5
EPSS Score
27.50%
Published
2014-11-25
Updated
2014-11-26
Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497.
Max CVSS
5.0
EPSS Score
0.57%
Published
2014-11-21
Updated
2017-09-08
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565.
Max CVSS
7.7
EPSS Score
0.12%
Published
2014-12-24
Updated
2014-12-24
Cisco IOS on Aironet access points, when "dot11 aaa authenticator" debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509.
Max CVSS
7.1
EPSS Score
0.41%
Published
2014-11-15
Updated
2017-09-08
The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by triggering a transition into a recovery state that was intended to involve a network-interface restart but actually involves a full device restart, aka Bug ID CSCtn16281.
Max CVSS
6.1
EPSS Score
0.45%
Published
2014-11-15
Updated
2017-09-08
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477.
Max CVSS
6.8
EPSS Score
0.20%
Published
2014-11-18
Updated
2017-09-08
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow physically proximate attackers to obtain shell access by opening a device's case and connecting a cable to a serial port, aka Cisco-Meraki defect ID 00302077.
Max CVSS
7.2
EPSS Score
0.04%
Published
2014-12-24
Updated
2014-12-24
368 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!