| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability in the installation procedure of the Cisco Hybrid Media Service could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb81344. Known Affected Releases: 1.0. |
| The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly implement authentication, which allows remote attackers to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829. |
| A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the proxy process unexpectedly restarting. More Information: CSCvb04312. Known Affected Releases: 9.0.1-162 9.1.1-074. Known Fixed Releases: 10.1.0-129 9.1.2-010. |
| Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to block HTTPS traffic, aka Bug ID CSCuj26326. |
| Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCup92550. |
| The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and earlier does not properly manage session information during creation of a SharePoint handler, which allows remote authenticated users to overwrite arbitrary RAMFS cache files or inject Lua programs, and consequently cause a denial of service (portal outage or system reload), via crafted HTTP requests, aka Bug ID CSCup54208. |
| A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. Cisco Prime Home versions 5.1.1.6 and earlier and 5.2.2.2 and earlier have been confirmed to be vulnerable. Cisco Prime Home versions 6.0 and later are not vulnerable. More Information: CSCvb71732. Known Affected Releases: 5.0 5.0(1) 5.0(1.1) 5.0(1.2) 5.0(2) 5.15.1(0) 5.1(1) 5.1(1.3) 5.1(1.4) 5.1(1.5) 5.1(1.6) 5.1(2) 5.1(2.1) 5.1(2.3) 5.25.2(0.1) 5.2(1.0) 5.2(1.2) 5.2(2.0) 5.2(2.1) 5.2(2.2). |
| The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-path validation, aka Bug ID CSCuv48563. |
| SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089. |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via crafted input to the (1) Dashboard or (2) Configure Realm page, aka Bug ID CSCuo94808. |
| The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) does not validate an unspecified parameter, which allows remote authenticated users to cause a denial of service (service crash) via a crafted string, aka Bug ID CSCuq31819. |
| A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0. |
| The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCue22753. |
| Cross-site scripting (XSS) vulnerability in the vCloud Director component in Cisco Nexus 1000V InterCloud for VMware allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq90524. |
| A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0. |
| Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCup90060. |
| SQL injection vulnerability in the web framework in Cisco Unity Connection 9.1(2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted request, aka Bug ID CSCuq31016. |
| Cisco IOS XE 3.15S and 3.16S on cBR-8 Converged Broadband Router devices allows remote authenticated users to cause a denial of service (NULL pointer dereference and card restart) via a crafted SNMP request, aka Bug ID CSCuu68862. |
| Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149. |
| Directory traversal vulnerability in Cisco Unified Contact Center Enterprise allows remote authenticated users to read arbitrary web-root files via a crafted URL, aka Bug ID CSCun25262. |
