CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2015

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2015-4278 20 DoS 2015-07-16 2018-10-30
4.3
None Remote Medium Not required None None Partial
Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC policy data in DNS TXT records for a domain, aka Bug ID CSCuv14806.
202 CVE-2015-4276 20 Exec Code 2015-07-16 2017-09-21
6.5
None Remote Low Single system Partial Partial Partial
Cisco WebEx Meetings Server 2.5MR1 allows remote authenticated users to execute arbitrary code via a crafted command parameter, aka Bug ID CSCus56138.
203 CVE-2015-4275 399 DoS 2015-07-16 2017-09-21
5.0
None Remote Low Not required None None Partial
The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 18.0.0.59167 and 18.0.0.59211 allows remote attackers to cause a denial of service via a malformed header in a GTPv2 packet, aka Bug ID CSCut11534.
204 CVE-2015-4274 352 CSRF 2015-07-16 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936.
205 CVE-2015-4273 20 DoS 2015-07-15 2016-12-28
5.0
None Remote Low Not required None None Partial
The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 15.0(912), 15.0(935), and 15.0(938) allows remote attackers to cause a denial of service (Session Manager outage) via malformed fields in an IP packet, aka Bug ID CSCut38476.
206 CVE-2015-4272 79 XSS 2015-07-14 2016-12-28
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCut19580.
207 CVE-2015-4271 284 Bypass 2015-07-15 2016-12-28
6.4
None Remote Low Not required Partial Partial None
Cisco TelePresence TC before 7.3.4 on Integrator C devices allows remote attackers to bypass authentication via vectors involving multiple request parameters, aka Bug ID CSCuv00604.
208 CVE-2015-4270 79 XSS 2015-07-14 2016-12-28
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.5 and 6.0.0 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuv22557, CSCuv22583, CSCuv22632, CSCuv22641, CSCuv22650, CSCuv22662, CSCuv22697, and CSCuv22702.
209 CVE-2015-4269 399 DoS 2015-07-14 2016-12-28
4.0
None Remote Low Single system None None Partial
The Tomcat throttling feature in Cisco Unified Communications Manager 10.5(1.99995.9) allows remote authenticated users to cause a denial of service (management outage) by sending many requests, aka Bug ID CSCuu99709.
210 CVE-2015-4268 79 XSS 2015-07-14 2016-12-28
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Infra Admin UI in Cisco Identity Services Engine (ISE) 1.2(1.198) and 1.3(0.876) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCus16052.
211 CVE-2015-4267 352 CSRF 2015-07-15 2016-12-28
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus09940.
212 CVE-2015-4266 20 XSS 2015-07-16 2017-09-21
4.3
None Remote Medium Not required None Partial None
The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCut04556.
213 CVE-2015-4263 200 +Info 2015-07-10 2016-12-28
4.0
None Remote Low Single system Partial None None
The Control and Provisioning functionality in Cisco Mobility Services Engine (MSE) 10.0(0.1) allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCut36851.
214 CVE-2015-4262 255 2015-07-24 2017-09-20
10.0
None Remote Low Not required Complete Complete Complete
The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839.
215 CVE-2015-4260 79 XSS 2015-07-10 2016-12-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Cisco Hosted Collaboration Solution 10.6(1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCuu14862.
216 CVE-2015-4259 310 Bypass 2015-07-10 2016-12-28
4.3
None Remote Medium Not required Partial None None
The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle attackers to bypass cryptographic protection mechanisms by leveraging knowledge of a private key, aka Bug IDs CSCum56133 and CSCum56177.
217 CVE-2015-4258 352 CSRF 2015-07-09 2016-12-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MSE 8000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90444.
218 CVE-2015-4257 352 CSRF 2015-07-09 2016-12-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MCU 4500 devices with software 4.5(1.55) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90710.
219 CVE-2015-4256 352 CSRF 2015-07-09 2016-12-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP VCR devices with software 3.0(1.27) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90736.
220 CVE-2015-4255 352 CSRF 2015-07-09 2016-12-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP Gateway devices with software 2.0(3.34) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90734.
221 CVE-2015-4254 352 CSRF 2015-07-10 2015-07-13
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Advanced Media Gateway devices with software 1.1(1.40) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90732.
222 CVE-2015-4253 352 CSRF 2015-07-09 2016-12-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Serial Gateway devices with software 1.0(1.42) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90728.
223 CVE-2015-4252 352 CSRF 2015-07-09 2016-12-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence ISDN Gateway devices with software 2.2(1.106) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90724.
224 CVE-2015-4249 79 XSS 2015-07-13 2015-07-13
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCuv01955.
225 CVE-2015-4247 79 XSS 2015-07-21 2015-07-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the admin site component in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuv01971.
226 CVE-2015-4246 79 XSS 2015-07-21 2015-07-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuv01955.
227 CVE-2015-4245 XSS 2015-07-21 2015-07-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCut92274.
228 CVE-2015-4244 78 Exec Code 2015-07-10 2016-12-29
7.2
None Local Low Not required Complete Complete Complete
The boot implementation on Cisco ASR 5000 and 5500 devices with software 14.0 allows local users to execute arbitrary Linux commands by leveraging administrative privileges for storage of these commands in a Compact Flash (CF) file, aka Bug ID CSCuu75278.
229 CVE-2015-4243 399 DoS 2015-07-08 2016-12-29
6.1
None Local Network Low Not required None None Complete
The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR 1000 devices allows remote attackers to cause a denial of service (device reload) by sending malformed PPPoE Active Discovery Request (PADR) packets on the local network, aka Bug ID CSCty94202.
230 CVE-2015-4242 352 CSRF 2015-07-08 2016-12-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 5.4.1.2 and 6.0.0 in FireSIGHT Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu94721.
231 CVE-2015-4241 399 DoS 2015-07-08 2016-12-29
6.1
None Local Network Low Not required None None Complete
Cisco Adaptive Security Appliance (ASA) Software 9.3(2) allows remote attackers to cause a denial of service (system reload) by sending crafted OSPFv2 packets on the local network, aka Bug ID CSCut52679.
232 CVE-2015-4240 399 DoS 2015-07-08 2016-12-29
5.0
None Remote Low Not required None None Partial
Cisco IP Communicator 8.6(4) allows remote attackers to cause a denial of service (service outage) via an unspecified URL in a GET request, aka Bug ID CSCuu37656.
233 CVE-2015-4239 399 DoS 2015-07-03 2016-12-28
6.1
None Local Network Low Not required None None Complete
Cisco Adaptive Security Appliance (ASA) Software 9.3(2.243) and 100.13(0.21) allows remote attackers to cause a denial of service (device reload) by sending crafted OSPFv2 packets on the local network, aka Bug ID CSCus84220.
234 CVE-2015-4238 399 DoS 2015-07-02 2016-12-28
6.8
None Remote Low Single system None None Complete
The SNMP implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4(7) and 8.6(1.2) allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests during a time of high network traffic, aka Bug ID CSCul02601.
235 CVE-2015-4237 78 Exec Code 2015-07-03 2016-12-28
4.6
None Local Low Not required Partial Partial Partial
The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436.
236 CVE-2015-4236 399 DoS 2015-07-10 2018-10-30
4.3
None Remote Medium Not required None None Partial
Cisco AsyncOS on Email Security Appliance (ESA) devices with software 8.5.6-073, 8.5.6-074, and 9.0.0-461, when clustering is enabled, allows remote attackers to cause a denial of service (clustering and SSH outage) via a packet flood, aka Bug IDs CSCur13704 and CSCuq05636.
237 CVE-2015-4235 264 2015-07-24 2017-09-20
9.0
None Remote Low Single system Complete Complete Complete
Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3o) and 1.1 before 1.1(1j) and Nexus 9000 ACI devices with software before 11.0(4o) and 11.1 before 11.1(1j) do not properly restrict access to the APIC filesystem, which allows remote authenticated users to obtain root privileges via unspecified use of the APIC cluster-management configuration feature, aka Bug IDs CSCuu72094 and CSCuv11991.
238 CVE-2015-4234 264 2015-07-03 2016-12-28
7.2
None Local Low Not required Complete Complete Complete
Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127.
239 CVE-2015-4233 89 Exec Code Sql 2015-07-02 2016-12-28
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in Cisco Unified MeetingPlace 8.6(1.2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu54037.
240 CVE-2015-4232 264 Exec Code 2015-07-03 2016-12-28
4.6
User Local Low Not required Partial Partial Partial
Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856.
241 CVE-2015-4231 264 Bypass 2015-07-03 2016-12-28
3.6
None Local Low Not required None Partial Partial
The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416.
242 CVE-2015-4230 399 DoS 2015-07-06 2016-12-28
7.8
None Remote Low Not required None None Complete
Memory leak in Cisco Headend System Release allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka Bug ID CSCus91854.
243 CVE-2015-4228 399 DoS 2015-07-02 2015-07-02
5.4
None Remote High Not required None None Complete
Cisco Digital Content Manager (DCM) 15.0.0 might allow remote ad servers to cause a denial of service (reboot) via malformed ad messages, aka Bug ID CSCur13999.
244 CVE-2015-4196 255 2015-07-04 2016-12-28
5.0
None Remote Low Not required Partial None None
Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by leveraging knowledge of this password and entering it in an SSH session, aka Bug ID CSCuq45546.
245 CVE-2015-4129 89 Exec Code Sql 2015-07-05 2016-11-28
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote authenticated users to execute arbitrary SQL commands via modified serialized data in a salt cookie.
246 CVE-2015-4111 20 Exec Code 2015-07-19 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
mc_demux_mp4_ds.ax in an unspecified third-party codec demux in BlackBerry Link before 1.2.3.53 with installer before 1.1.0.22 allows remote attackers to execute arbitrary code via a crafted MP4 file.
247 CVE-2015-4034 284 2015-07-06 2016-12-05
7.9
None Local Network Medium Not required Complete Complete Complete
The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a serialized MethodSpec object.
248 CVE-2015-4033 200 +Info 2015-07-06 2019-07-03
3.3
None Local Network Low Not required Partial None None
Samsung SBeam allows remote attackers to read arbitrary images by leveraging an NFC connection to access the HTTP server on port 15000.
249 CVE-2015-3958 19 DoS 2015-07-06 2016-12-05
7.8
None Remote Low Not required None None Complete
Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (forced manual reboot) via a flood of TCP packets.
250 CVE-2015-3957 255 2015-07-06 2016-12-05
4.6
None Local Low Not required Partial Partial Partial
Hospira LifeCare PCA Infusion System before 7.0 stores private keys and certificates, which has unspecified impact and attack vectors.
Total number of vulnerabilities : 657   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11 12 13 14
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.