| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
37501 |
CVE-2015-0742 |
399 |
|
DoS |
2015-05-21 |
2017-01-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Protocol Independent Multicast (PIM) application in Cisco Adaptive Security Appliance (ASA) Software 9.2(0.0), 9.2(0.104), 9.2(3.1), 9.2(3.4), 9.3(1.105), 9.3(2.100), 9.4(0.115), 100.13(0.21), 100.13(20.3), 100.13(21.9), and 100.14(1.1) does not properly implement multicast-forwarding registration, which allows remote attackers to cause a denial of service (forwarding outage) via a crafted multicast packet, aka Bug ID CSCus74398. |
|
37502 |
CVE-2015-0741 |
352 |
|
CSRF |
2015-05-21 |
2017-01-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596. |
|
37503 |
CVE-2015-0740 |
352 |
|
CSRF |
2015-05-19 |
2017-01-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826. |
|
37504 |
CVE-2015-0739 |
20 |
|
|
2015-05-18 |
2017-01-06 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller (BMC) file uploads via unspecified vectors, aka Bug ID CSCus87938. |
|
37505 |
CVE-2015-0738 |
79 |
|
XSS |
2015-05-16 |
2017-01-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Web Tracking Report page on Cisco Web Security Appliance (WSA) devices 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCuu16008. |
|
37506 |
CVE-2015-0737 |
79 |
|
XSS |
2015-06-12 |
2017-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.1 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) GET or (2) POST parameter, aka Bug ID CSCuu11099. |
|
37507 |
CVE-2015-0736 |
352 |
|
CSRF |
2015-05-15 |
2017-01-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in Cisco MediaSense 10.5(1) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu16728. |
|
37508 |
CVE-2015-0735 |
352 |
|
CSRF |
2015-05-16 |
2017-01-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Customer Voice Portal (CVP) 10.5(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut93970. |
|
37509 |
CVE-2015-0734 |
79 |
|
XSS |
2015-05-14 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Email Security Appliance (ESA) 8.5.6-106 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCut87743. |
|
37510 |
CVE-2015-0733 |
113 |
|
XSS Http R.Spl. |
2015-05-30 |
2017-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks, via a crafted request, aka Bug ID CSCur25580. |
|
37511 |
CVE-2015-0732 |
79 |
|
XSS |
2015-07-28 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuu37430, CSCuu37420, CSCut71981, and CSCuv50167. |
|
37512 |
CVE-2015-0731 |
399 |
|
DoS |
2015-05-15 |
2017-01-06 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
The ISDN implementation in Cisco IOS 15.3S allows remote attackers to cause a denial of service (device reload) via malformed Q931 SETUP messages, aka Bug ID CSCut37890. |
|
37513 |
CVE-2015-0730 |
20 |
|
DoS |
2015-05-16 |
2017-01-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) allows remote attackers to cause a denial of service (module reload) via an invalid field in a Negotiate Protocol request, aka Bug ID CSCuo75645. |
|
37514 |
CVE-2015-0729 |
79 |
|
XSS File Inclusion |
2015-05-16 |
2017-01-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a file-inclusion attack, aka Bug ID CSCuu11005. |
|
37515 |
CVE-2015-0728 |
79 |
|
XSS |
2015-05-14 |
2017-01-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Cisco Access Control Server (ACS) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuu11002. |
|
37516 |
CVE-2015-0727 |
79 |
|
XSS |
2015-05-14 |
2017-01-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the HTTP module in Cisco Security Manager (CSM) 4.7(0)SP1(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27789. |
|
37517 |
CVE-2015-0726 |
20 |
|
DoS |
2015-05-16 |
2017-01-06 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
|
The web administration interface on Cisco Wireless LAN Controller (WLC) devices before 7.0.241, 7.1.x through 7.4.x before 7.4.122, and 7.5.x and 7.6.x before 7.6.120 allows remote authenticated users to cause a denial of service (device crash) via unspecified parameters, aka Bug IDs CSCum65159 and CSCum65252. |
|
37518 |
CVE-2015-0724 |
79 |
|
XSS |
2015-05-14 |
2017-01-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in dncs 7.0.0.12 in Cisco Headend Digital Broadband Delivery System allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCur25604. |
|
37519 |
CVE-2015-0723 |
399 |
|
DoS |
2015-05-16 |
2017-01-06 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
The wireless web-authentication subsystem on Cisco Wireless LAN Controller (WLC) devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service (process crash and device restart) via a crafted value, aka Bug ID CSCum03269. |
|
37520 |
CVE-2015-0717 |
20 |
|
+Priv |
2015-05-16 |
2017-01-06 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546. |
|
37521 |
CVE-2015-0716 |
352 |
|
CSRF |
2015-05-06 |
2015-09-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659. |
|
37522 |
CVE-2015-0715 |
89 |
|
Exec Code Sql |
2015-05-06 |
2015-09-10 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCut33447 and CSCut33608. |
|
37523 |
CVE-2015-0714 |
79 |
|
XSS |
2015-05-02 |
2015-09-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595. |
|
37524 |
CVE-2015-0712 |
399 |
|
DoS |
2015-05-01 |
2015-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and 14.0(600) on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and packet loss) via malformed HTTP packets, aka Bug ID CSCud14217. |
|
37525 |
CVE-2015-0711 |
399 |
|
DoS |
2015-04-28 |
2015-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The hamgr service in the IPv6 Proxy Mobile (PM) implementation in Cisco StarOS 18.1.0.59776 on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and call-processing outage) via malformed PM packets, aka Bug ID CSCut94711. |
|
37526 |
CVE-2015-0710 |
399 |
|
DoS |
2015-04-28 |
2015-09-10 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
The Overlay Transport Virtualization (OTV) implementation in Cisco IOS XE 3.10S allows remote attackers to cause a denial of service (device reload) via a series of packets that are considered oversized and trigger improper fragmentation handling, aka Bug IDs CSCup37676 and CSCup30335. |
|
37527 |
CVE-2015-0709 |
399 |
|
DoS |
2015-04-28 |
2015-09-10 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
|
Cisco IOS 15.5S and IOS XE allow remote authenticated users to cause a denial of service (device crash) by leveraging knowledge of the RADIUS secret and sending crafted RADIUS packets, aka Bug ID CSCur21348. |
|
37528 |
CVE-2015-0708 |
399 |
|
DoS |
2015-04-28 |
2015-09-10 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow remote attackers to cause a denial of service (device crash) by including an IA_NA option in a DHCPv6 Solicit message on the local network, aka Bug ID CSCur29956. |
|
37529 |
CVE-2015-0707 |
79 |
|
XSS |
2015-04-22 |
2015-04-23 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Cisco FireSIGHT System Software 5.3.1.1 and 6.0.0 in FireSIGHT Management Center allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCus85425. |
|
37530 |
CVE-2015-0706 |
|
|
|
2015-04-22 |
2015-04-23 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966. |
|
37531 |
CVE-2015-0705 |
352 |
|
CSRF |
2015-04-21 |
2017-01-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the SOAP API endpoints of the web-services directory in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts, aka Bug ID CSCus97494. |
|
37532 |
CVE-2015-0704 |
352 |
|
CSRF |
2015-04-21 |
2017-01-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in API features in Cisco Unified MeetingPlace 8.6(1.9) allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus95884. |
|
37533 |
CVE-2015-0703 |
79 |
|
XSS |
2015-04-20 |
2017-01-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the administrative web interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus95857. |
|
37534 |
CVE-2015-0700 |
352 |
|
CSRF |
2015-04-16 |
2017-01-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924. |
|
37535 |
CVE-2015-0699 |
89 |
|
Exec Code Sql |
2015-04-15 |
2017-01-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563. |
|
37536 |
CVE-2015-0698 |
79 |
|
XSS |
2015-04-15 |
2017-01-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut39213. |
|
37537 |
CVE-2015-0697 |
601 |
|
|
2015-04-15 |
2017-01-06 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuq94980. |
|
37538 |
CVE-2015-0696 |
79 |
|
XSS |
2015-04-15 |
2017-01-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the login page in Cisco TC Software before 7.1.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq94977. |
|
37539 |
CVE-2015-0694 |
284 |
|
Bypass |
2015-04-10 |
2015-09-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806. |
|
37540 |
CVE-2015-0690 |
79 |
|
XSS |
2015-04-06 |
2015-09-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178. |
|
37541 |
CVE-2015-0689 |
119 |
|
Overflow Bypass |
2017-09-19 |
2017-09-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743. |
|
37542 |
CVE-2015-0687 |
399 |
|
DoS |
2015-04-02 |
2015-09-29 |
6.3 |
None |
Remote |
Medium |
Single system |
None |
None |
Complete |
|
The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 devices, when single-switch Virtual Switching System (VSS) is configured, allows remote authenticated users to cause a denial of service (device crash) by performing SNMP polling, aka Bug ID CSCuq04574. |
|
37543 |
CVE-2015-0686 |
399 |
|
DoS |
2015-04-02 |
2015-09-29 |
6.3 |
None |
Remote |
Medium |
Single system |
None |
None |
Complete |
|
The SNMP implementation in Cisco NX-OS 6.1(2)I2(3) on Nexus 9000 devices, when a Reset High Availability (HA) policy is configured, allows remote authenticated users to cause a denial of service (device reload) via unspecified vectors, aka Bug ID CSCuq92240. |
|
37544 |
CVE-2015-0684 |
89 |
|
Exec Code Sql |
2015-04-03 |
2015-09-29 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515. |
|
37545 |
CVE-2015-0683 |
200 |
|
+Info File Inclusion |
2015-04-03 |
2015-09-29 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744. |
|
37546 |
CVE-2015-0682 |
264 |
|
Exec Code |
2015-04-03 |
2015-10-27 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168. |
|
37547 |
CVE-2015-0680 |
200 |
|
+Info |
2015-03-27 |
2015-11-30 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439. |
|
37548 |
CVE-2015-0679 |
20 |
|
DoS |
2015-03-27 |
2015-10-01 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7.3(103.8) and 7.4(110.0) allows remote attackers to cause a denial of service (device reload) via a malformed password, aka Bug ID CSCui57980. |
|
37549 |
CVE-2015-0674 |
79 |
|
XSS |
2017-07-25 |
2017-07-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Alert Service of Cisco Cloud Web Security base revision allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. |
|
37550 |
CVE-2015-0673 |
200 |
|
+Info |
2015-03-26 |
2015-09-04 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote authenticated users to discover the passwords of arbitrary users by (1) reading log files or (2) using an unspecified GUI feature, aka Bug ID CSCut24792. |
