CVE-2016-1434
https://notcve.org/view.php?id=CVE-2016-1434
The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010. La funcionalidad license-certificate upload en teléfonos Cisco 8800 con software 11.0(1) permite a usuarios remotos autenticados borrar archivos arbitrarios a través de un archivo inválido, también conocido como Bug ID CSCuz03010. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ip-phone http://www.securitytracker.com/id/1036139 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2016-1421
https://notcve.org/view.php?id=CVE-2016-1421
A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition. Una vulnerabilidad en la aplicación web para los teléfonos IP de Cisco podría permitir que un atacante remoto no autenticado ejecute código con privilegios de root o provoque una recarga de un teléfono IP afectado, resultando en una condición de denegación de servicio (DoS). • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp https://www.tenable.com/security/research/tra-2020-24 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-1403
https://notcve.org/view.php?id=CVE-2016-1403
CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005. Teléfonos CISCO IP 8800 con software 11.0.1 y versiones anteriores permite a usuarios locales obtener privilegios para para la ejecución de comandos SO a través de comandos CLI manipulados, también conocida como Bug ID CSCuz03005. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ipp • CWE-20: Improper Input Validation •
CVE-2015-6360 – libsrtp: improper handling of CSRC count and extension header length in RTP header
https://notcve.org/view.php?id=CVE-2015-6360
The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. La característica de procesado de cifrado en Cisco libSRTP en versiones anteriores a 1.5.3 permite a atacantes remotos provocar una denegación de servicio a través de campos manipulados en paquetes SRTP, también conocida como Bug ID CSCux00686. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp http://www.debian.org/security/2016/dsa-3539 http://www.securitytracker.com/id/1035636 http://www.securitytracker.com/id/1035637 http://www.securitytracker.com/id/1035648 http://www.securitytracker.com/id/1035649 http://www.securitytracker.com/id/1035650 http://www.securitytracker.com/id/1035651 http://www.securitytracker.com/id/1035652 https://access.redhat.com/security/cve/CVE-2015-6360 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-0751
https://notcve.org/view.php?id=CVE-2015-0751
Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800. Cisco IP Phone 7861, cuando firmware de Cisco Unified Communications Manager 10.3(1) está utilizado, permite a atacantes remotos causar una denegación de servicio a través de paquetes manipulados, también conocido como Bug ID CSCus81800. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39011 http://www.securitytracker.com/id/1032407 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •