| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
32251 |
CVE-2016-1366 |
264 |
|
DoS |
2016-03-24 |
2016-12-02 |
6.8 |
None |
Remote |
Low |
Single system |
None |
Complete |
None |
|
The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial of service (overwrite) via unspecified vectors, aka Bug ID CSCuw75848. |
|
32252 |
CVE-2016-1361 |
399 |
|
DoS |
2016-03-11 |
2016-12-02 |
4.6 |
None |
Local Network |
High |
Not required |
None |
None |
Complete |
|
Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for a Bidirectional Forwarding Detection (BFD) header in a UDP packet, which allows remote attackers to cause a denial of service (line-card restart) via a crafted packet, aka Bug ID CSCuw56900. |
|
32253 |
CVE-2016-1360 |
200 |
|
+Info |
2016-03-11 |
2016-12-02 |
3.0 |
None |
Local |
Medium |
Single system |
Partial |
Partial |
None |
|
Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers' installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390. |
|
32254 |
CVE-2016-1359 |
20 |
|
Exec Code |
2016-03-03 |
2019-07-29 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Cisco Prime Infrastructure 3.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP request that is mishandled during viewing of a log file, aka Bug ID CSCuw81494. |
|
32255 |
CVE-2016-1358 |
119 |
|
DoS Overflow |
2016-03-03 |
2019-07-29 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
None |
Partial |
|
Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuw81497. |
|
32256 |
CVE-2016-1357 |
200 |
|
Bypass +Info |
2016-03-03 |
2016-03-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The password-management administration component in Cisco Policy Suite (CPS) 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, and 7.5.0 allows remote attackers to bypass intended RBAC restrictions and read unspecified data via unknown vectors, aka Bug ID CSCut85211. |
|
32257 |
CVE-2016-1356 |
287 |
|
|
2016-03-03 |
2016-12-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615. |
|
32258 |
CVE-2016-1355 |
79 |
|
XSS |
2016-03-03 |
2016-12-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy41687. |
|
32259 |
CVE-2016-1354 |
79 |
|
XSS |
2016-03-03 |
2016-03-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCud41176. |
|
32260 |
CVE-2016-1353 |
399 |
|
DoS |
2016-02-29 |
2016-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The TCP implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.3(0), 3.3(1), 4.0(0), and 4.1(0) does not properly initiate new TCP sessions when a previous session is in a FIN wait state, which allows remote attackers to cause a denial of service (TCP outage) via vectors involving FIN packets, aka Bug ID CSCuy45136. |
|
32261 |
CVE-2016-1345 |
20 |
|
Bypass |
2016-03-31 |
2016-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726. |
|
32262 |
CVE-2016-1343 |
|
|
DoS |
2016-04-30 |
2016-05-04 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059. |
|
32263 |
CVE-2016-1342 |
200 |
|
+Info |
2016-02-26 |
2016-03-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID CSCuy36654. |
|
32264 |
CVE-2016-1341 |
264 |
|
+Priv |
2016-02-23 |
2016-12-05 |
6.9 |
Admin |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079. |
|
32265 |
CVE-2016-1337 |
264 |
|
+Info |
2016-07-03 |
2018-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Cisco EPC3928 devices allow remote attackers to obtain sensitive configuration and credential information by making requests during the early part of the boot process, related to a "Boot Information Disclosure" issue, aka Bug ID CSCux17178. |
|
32266 |
CVE-2016-1334 |
20 |
|
|
2016-02-17 |
2016-12-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Cisco Small Business 500 Wireless Access Point devices with firmware 1.0.4.4 allow remote attackers to set the system time via a crafted POST request, aka Bug ID CSCuy01457. |
|
32267 |
CVE-2016-1333 |
399 |
|
DoS |
2016-02-17 |
2016-12-05 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
|
Cisco IOS 15.5(3)M and 15.6(1)T0a on Cisco 1000 Connected Grid routers allows remote authenticated users to cause a denial of service (device reload) via an SNMP request for unspecified BRIDGE MIB OIDs, aka Bug ID CSCux89878. |
|
32268 |
CVE-2016-1331 |
79 |
|
XSS |
2016-02-15 |
2016-12-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 11.5(0.99833.5) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy10766. |
|
32269 |
CVE-2016-1330 |
399 |
|
DoS |
2016-02-15 |
2016-12-05 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
Cisco IOS 15.2(4)E on Industrial Ethernet 2000 devices allows remote attackers to cause a denial of service (device reload) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuy27746. |
|
32270 |
CVE-2016-1324 |
264 |
|
DoS |
2016-02-11 |
2016-02-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The REST interface in Cisco Spark 2015-06 allows remote attackers to cause a denial of service (resource outage) by accessing an administrative page, aka Bug ID CSCuv84125. |
|
32271 |
CVE-2016-1323 |
200 |
|
+Info |
2016-02-11 |
2016-02-29 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
The REST interface in Cisco Spark 2015-06 allows remote authenticated users to obtain sensitive information via a request for an unspecified file, aka Bug ID CSCuv84048. |
|
32272 |
CVE-2016-1322 |
264 |
|
Bypass |
2016-02-11 |
2016-03-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The REST interface in Cisco Spark 2015-07-04 allows remote attackers to bypass intended access restrictions and create arbitrary user accounts via unspecified web requests, aka Bug ID CSCuv72584. |
|
32273 |
CVE-2016-1321 |
200 |
|
Bypass +Info |
2016-02-15 |
2016-12-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco server, aka Bug ID CSCut98082. |
|
32274 |
CVE-2016-1320 |
78 |
|
Exec Code |
2016-02-11 |
2016-12-29 |
6.8 |
Admin |
Local |
Low |
Single system |
Complete |
Complete |
Complete |
|
The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286. |
|
32275 |
CVE-2016-1319 |
200 |
|
+Info |
2016-02-08 |
2016-12-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958. |
|
32276 |
CVE-2016-1318 |
79 |
|
XSS |
2016-02-08 |
2016-12-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCux15489. |
|
32277 |
CVE-2016-1317 |
200 |
|
+Info |
2016-02-08 |
2016-12-05 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098. |
|
32278 |
CVE-2016-1316 |
200 |
|
+Info |
2016-02-08 |
2016-12-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362. |
|
32279 |
CVE-2016-1315 |
284 |
|
Bypass |
2016-02-11 |
2017-10-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The proxy engine in Cisco Advanced Malware Protection (AMP), when used with Email Security Appliance (ESA) 9.5.0-201, 9.6.0-051, and 9.7.0-125, allows remote attackers to bypass intended content restrictions via a malformed e-mail message containing an encoded file, aka Bug ID CSCux45338. |
|
32280 |
CVE-2016-1314 |
79 |
|
XSS |
2016-03-28 |
2016-12-02 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (CDM) 8.1(1) allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux80760. |
|
32281 |
CVE-2016-1311 |
79 |
|
XSS |
2016-02-06 |
2016-12-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10.6(8) allows remote attackers to inject arbitrary web script or HTML via the host tag parameter, aka Bug ID CSCuy08224. |
|
32282 |
CVE-2016-1310 |
79 |
|
XSS |
2016-02-06 |
2016-12-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 11.5(0.199) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy09033. |
|
32283 |
CVE-2016-1309 |
79 |
|
XSS |
2016-02-07 |
2016-12-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meetings Server 2.5.1.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy01843. |
|
32284 |
CVE-2016-1308 |
89 |
|
Exec Code Sql |
2016-02-07 |
2016-12-05 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227. |
|
32285 |
CVE-2016-1307 |
287 |
|
|
2016-02-07 |
2016-12-05 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085. |
|
32286 |
CVE-2016-1306 |
79 |
|
XSS |
2016-02-06 |
2016-02-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Director 1.0(0) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466. |
|
32287 |
CVE-2016-1305 |
79 |
|
XSS |
2016-02-07 |
2016-12-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511. |
|
32288 |
CVE-2016-1304 |
79 |
|
XSS |
2016-01-30 |
2016-12-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596. |
|
32289 |
CVE-2016-1300 |
79 |
|
XSS |
2016-01-27 |
2016-01-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582. |
|
32290 |
CVE-2016-1299 |
399 |
|
DoS |
2016-01-27 |
2016-02-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The web-management GUI implementation on Cisco Small Business SG300 devices 1.4.1.x allows remote attackers to cause a denial of service (HTTPS outage) via crafted HTTPS requests, aka Bug ID CSCuw87174. |
|
32291 |
CVE-2016-1298 |
79 |
|
XSS |
2016-01-26 |
2016-12-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via vectors related to permalinks, aka Bug ID CSCux92033. |
|
32292 |
CVE-2016-1296 |
254 |
|
Bypass |
2016-01-20 |
2016-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848. |
|
32293 |
CVE-2016-1295 |
200 |
|
+Info |
2016-01-16 |
2016-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote attackers to obtain sensitive information via an AnyConnect authentication attempt, aka Bug ID CSCuo65775. |
|
32294 |
CVE-2016-1294 |
79 |
|
XSS |
2016-01-16 |
2016-12-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Management Center in Cisco FireSIGHT System Software 6.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted cookie, aka Bug ID CSCuw89094. |
|
32295 |
CVE-2016-1293 |
79 |
|
XSS |
2016-01-16 |
2016-12-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCux40414. |
|
32296 |
CVE-2016-1290 |
264 |
|
+Priv Bypass |
2016-04-06 |
2019-07-29 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227. |
|
32297 |
CVE-2016-1288 |
20 |
|
DoS |
2016-03-03 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x before 9.0.0-485 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (service outage) by leveraging certain intranet connectivity and sending a malformed HTTPS request, aka Bug ID CSCuu24840. |
|
32298 |
CVE-2016-1286 |
20 |
|
DoS |
2016-03-09 |
2017-11-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. |
|
32299 |
CVE-2016-1285 |
20 |
|
DoS |
2016-03-09 |
2017-11-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. |
|
32300 |
CVE-2016-1284 |
20 |
|
DoS |
2016-02-04 |
2017-09-09 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query. |
