Filtered by vendor Cisco
Subscriptions
Total
6638 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3281 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | N/A |
| The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to obtain potentially sensitive user information by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun46071 and CSCun46101. | ||||
| CVE-2014-3282 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | N/A |
| The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive number-translation information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum76930. | ||||
| CVE-2015-6364 | 1 Cisco | 1 Videoscape Distribution Suite Service Manager | 2025-04-12 | N/A |
| Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager allows remote attackers to obtain sensitive information via crafted URLs in REST API requests, aka Bug ID CSCuv86960. | ||||
| CVE-2014-2112 | 1 Cisco | 1 Ios | 2025-04-12 | N/A |
| The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357. | ||||
| CVE-2014-3286 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | N/A |
| The web framework in Cisco WebEx Meeting Server does not properly restrict the content of reply messages, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug IDs CSCuj81685, CSCuj81688, CSCuj81665, CSCuj81744, and CSCuj81661. | ||||
| CVE-2014-3289 | 1 Cisco | 4 Content Security Management Appliance, Email Security Appliance Firmware, Ironport Asyncos and 1 more | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, as demonstrated by the date_range parameter to monitor/reports/overview on the IronPort ESA, aka Bug IDs CSCun07998, CSCun07844, and CSCun07888. | ||||
| CVE-2014-3290 | 1 Cisco | 1 Ios Xe | 2025-04-12 | N/A |
| The mDNS implementation in Cisco IOS XE 3.12S does not properly interact with autonomic networking, which allows remote attackers to obtain sensitive networking-services information by sniffing the network or overwrite networking-services data via a crafted mDNS response, aka Bug ID CSCun64867. | ||||
| CVE-2014-3292 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199. | ||||
| CVE-2014-2111 | 1 Cisco | 1 Ios | 2025-04-12 | N/A |
| The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCue00996. | ||||
| CVE-2014-3296 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | N/A |
| The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID CSCum03527. | ||||
| CVE-2015-6347 | 1 Cisco | 1 Secure Access Control Server | 2025-04-12 | N/A |
| The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page. | ||||
| CVE-2014-2109 | 1 Cisco | 1 Ios | 2025-04-12 | N/A |
| The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494. | ||||
| CVE-2014-2108 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | N/A |
| Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before 3.7.5S and 3.8 through 3.10 before 3.10.1S allow remote attackers to cause a denial of service (device reload) via a malformed IKEv2 packet, aka Bug ID CSCui88426. | ||||
| CVE-2014-3301 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | N/A |
| The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bug ID CSCuj81700. | ||||
| CVE-2015-0612 | 1 Cisco | 3 Unity Connection, Unity Connection 8.5, Unity Connection 8.6 | 2025-04-12 | N/A |
| The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU6, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (SIP outage) via a crafted UDP packet, aka Bug ID CSCuh25062. | ||||
| CVE-2015-6348 | 1 Cisco | 1 Secure Access Control Server | 2025-04-12 | N/A |
| The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page. | ||||
| CVE-2014-3309 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | N/A |
| The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318. | ||||
| CVE-2014-3310 | 1 Cisco | 2 Webex Meeting Center, Webex Meetings Server | 2025-04-12 | N/A |
| The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463. | ||||
| CVE-2014-2104 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536, CSCum78526, CSCum69809, and CSCum63113. | ||||
| CVE-2014-2102 | 1 Cisco | 1 Unified Contact Center Express Editor Software | 2025-04-12 | N/A |
| Cisco Unified Contact Center Express (Unified CCX) does not properly restrict the content of the CCMConfig page, which allows remote authenticated users to obtain sensitive information by examining this content, aka Bug ID CSCum95575. | ||||