CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
6151 CVE-2015-6405 352 CSRF 2015-12-12 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501.
6152 CVE-2015-6399 399 DoS 2015-12-15 2017-07-07
6.8
None Remote Low Single system None None Complete
The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted parameters in an HTTP request, aka Bug ID CSCuv38286.
6153 CVE-2015-6395 264 2015-12-12 2017-09-12
6.5
None Remote Low Single system Partial Partial Partial
Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID CSCuw48188.
6154 CVE-2015-6380 78 Exec Code 2015-11-23 2015-11-24
6.5
None Remote Low Single system Partial Partial Partial
An unspecified script in the web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via crafted parameters, aka Bug ID CSCux10622.
6155 CVE-2015-6379 399 DoS 2015-11-24 2017-09-13
6.8
None Remote Low Single system None None Complete
The XML parser in the management interface in Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote authenticated users to cause a denial of service (device crash) via a crafted XML document, aka Bug ID CSCut14223.
6156 CVE-2015-6378 352 CSRF 2015-12-13 2017-09-12
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability on Cisco DPQ3925 devices with EDVA 5.5.2 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv05943.
6157 CVE-2015-6376 352 CSRF 2015-11-21 2015-11-23
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv72412.
6158 CVE-2015-6373 352 CSRF 2015-11-18 2015-11-19
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux10611.
6159 CVE-2015-6361 20 Exec Code 2015-12-12 2015-12-14
6.5
None Remote Low Single system Partial Partial Partial
The administrative web interface on Cisco DPC3939 (XB3) devices with firmware 121109aCMCST allows remote authenticated users to execute arbitrary commands via unspecified fields, aka Bug ID CSCuw86170.
6160 CVE-2015-6359 119 DoS Overflow 2015-12-15 2016-12-07
6.1
None Local Network Low Not required None None Complete
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service (memory consumption or device crash) via a flood of crafted ND messages, aka Bug ID CSCup28217.
6161 CVE-2015-6357 20 Exec Code 2015-11-18 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code, via a crafted certificate, aka Bug ID CSCuw06444.
6162 CVE-2015-6350 89 Exec Code Sql 2015-10-30 2016-12-07
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843.
6163 CVE-2015-6345 89 Exec Code Sql 2015-10-30 2016-12-07
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700.
6164 CVE-2015-6331 89 Exec Code Sql 2015-10-12 2016-12-09
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the web framework in Cisco Prime Collaboration Assurance 10.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCus39887.
6165 CVE-2015-6330 352 CSRF 2015-11-18 2015-11-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5(1) and 10.6 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus62712.
6166 CVE-2015-6329 89 Exec Code Sql 2015-10-12 2016-12-09
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut64074.
6167 CVE-2015-6328 200 Bypass +Info 2015-10-12 2016-12-09
6.8
None Remote Low Single system Complete None None
The web framework in Cisco Prime Collaboration Assurance (PCA) 10.5(1) allows remote authenticated users to bypass intended access restrictions and read arbitrary files via a crafted URL, aka Bug ID CSCus88380.
6168 CVE-2015-6322 264 Bypass 2015-10-12 2016-12-12
6.6
None Local Low Not required None Complete Complete
The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-path validation, aka Bug ID CSCuv48563.
6169 CVE-2015-6318 20 2015-10-12 2017-01-04
6.9
None Local Medium Not required Complete Complete Complete
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 and X8.5.2 allows local users to write to arbitrary files via an unspecified symlink attack, aka Bug ID CSCuv11969.
6170 CVE-2015-6317 284 Bypass 2016-01-23 2016-12-07
6.8
None Remote Low Single system None Complete None
Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926.
6171 CVE-2015-6316 255 2015-11-06 2017-01-06
6.5
None Remote Low Single system Partial Partial Partial
The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by entering this account's hardcoded password in an SSH session, aka Bug ID CSCuv40501.
6172 CVE-2015-6311 399 DoS 2015-10-08 2017-01-04
6.1
None Local Network Low Not required None None Complete
Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i management data to a managed access point, aka Bug ID CSCub65236.
6173 CVE-2015-6309 399 DoS 2015-10-02 2018-10-30
6.8
None Remote Low Single system None None Complete
Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows remote authenticated users to cause a denial of service (file-descriptor consumption and device reload) via crafted HTTP requests, aka Bug ID CSCuw32211.
6174 CVE-2015-6307 399 DoS 2015-09-27 2015-09-29
6.1
None Local Network Low Not required None None Complete
Cisco FirePOWER (formerly Sourcefire) 7000 and 8000 devices with software 5.4.0.1 allow remote attackers to cause a denial of service (inspection-engine outage) via crafted packets, aka Bug ID CSCuu10871.
6175 CVE-2015-6304 352 CSRF 2015-09-24 2016-12-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Server software 3.0(2.24) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCut63718, CSCut63724, and CSCut63760.
6176 CVE-2015-6299 89 Exec Code Sql 2015-09-20 2016-12-29
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug ID CSCuv63824.
6177 CVE-2015-6294 399 DoS 2015-09-18 2016-12-29
6.1
None Local Network Low Not required None None Complete
Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow remote attackers to cause a denial of service (functionality loss) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuu25770.
6178 CVE-2015-6285 134 DoS 2015-09-13 2017-01-04
6.4
None Remote Low Not required None Partial Partial
Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497.
6179 CVE-2015-6277 399 DoS 2015-09-02 2017-09-19
6.1
None Local Network Low Not required None None Complete
The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote attackers to cause a denial of service (ARP process restart) via crafted packet-header fields, aka Bug ID CSCut25292.
6180 CVE-2015-6263 399 DoS 2015-10-11 2017-01-04
6.3
None Remote Medium Single system None None Complete
The RADIUS client implementation in Cisco IOS 15.4(3)M2.2, when a shared RADIUS secret is configured, allows remote RADIUS servers to cause a denial of service (device reload) via malformed answers, aka Bug ID CSCuu59324.
6181 CVE-2015-6262 352 CSRF 2015-08-24 2017-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059.
6182 CVE-2015-6254 17 2015-08-17 2015-08-19
6.0
None Remote Medium Single system Partial Partial Partial
The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-0277 per ADT2 due to different vulnerability types.
6183 CVE-2015-6170 264 +Priv 2015-12-09 2018-10-12
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Edge allows remote attackers to gain privileges via a crafted web site, aka "Microsoft Browser Elevation of Privilege Vulnerability."
6184 CVE-2015-6164 20 XSS Bypass 2015-12-09 2018-10-12
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Internet Explorer 9 through 11 improperly implements a cross-site scripting (XSS) protection mechanism, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, aka "Internet Explorer XSS Filter Bypass Vulnerability."
6185 CVE-2015-6111 399 DoS 2015-11-11 2018-10-12
6.8
None Remote Low Single system None None Complete
IPSec in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles encryption negotiation, which allows remote authenticated users to cause a denial of service (system hang) via crafted IP traffic, aka "Windows IPSec Denial of Service Vulnerability."
6186 CVE-2015-6047 264 +Priv Bypass 2015-10-13 2018-10-12
6.8
None Remote Medium Not required Partial Partial Partial
The broker EditWith feature in Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the AppContainer protection mechanism and gain privileges via a DelegateExecute launch of an arbitrary application, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Internet Explorer Elevation of Privilege Vulnerability."
6187 CVE-2015-6044 264 +Priv 2015-10-13 2018-10-12
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Internet Explorer 8 allows remote attackers to gain privileges via a crafted web site, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Internet Explorer Elevation of Privilege Vulnerability."
6188 CVE-2015-6034 264 +Priv 2015-10-28 2015-10-29
6.9
None Local Medium Not required Complete Complete Complete
EPSON Network Utility 4.10 uses weak permissions (Everyone: Full Control) for eEBSVC.exe, which allows local users to gain privileges via a Trojan horse file.
6189 CVE-2015-6031 119 DoS Exec Code Overflow 2015-11-02 2018-01-08
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name.
6190 CVE-2015-6028 89 Sql 2017-04-09 2017-04-13
6.5
None Remote Low Single system Partial Partial Partial
Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter.
6191 CVE-2015-6007 352 CSRF 2015-09-27 2015-09-28
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to hijack the authentication of arbitrary users.
6192 CVE-2015-6004 89 Exec Code Sql 2015-12-26 2016-12-05
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter.
6193 CVE-2015-5999 352 CSRF 2015-11-18 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi.
6194 CVE-2015-5996 352 CSRF 2015-12-31 2018-07-27
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users.
6195 CVE-2015-5991 352 CSRF 2015-09-21 2015-09-21
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to hijack the authentication of administrators for requests that perform setup operations, as demonstrated by modifying network settings.
6196 CVE-2015-5990 352 CSRF 2015-12-31 2015-12-31
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users.
6197 CVE-2015-5950 119 Overflow +Priv 2015-09-29 2016-12-07
6.9
None Local Medium Not required Complete Complete Complete
The NVIDIA display driver R352 before 353.82 and R340 before 341.81 on Windows; R304 before 304.128, R340 before 340.93, and R352 before 352.41 on Linux; and R352 before 352.46 on GRID vGPU and vSGA allows local users to write to an arbitrary kernel memory location and consequently gain privileges via a crafted ioctl call.
6198 CVE-2015-5949 119 DoS Exec Code Overflow 2015-08-25 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers.
6199 CVE-2015-5947 362 Exec Code 2017-09-06 2017-09-07
6.8
None Remote Medium Not required Partial Partial Partial
SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code.
6200 CVE-2015-5944 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2015-10-26
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.