CVSS: 7.8EPSS: 2%CPEs: 46EXPL: 0CVE-2011-1605
https://notcve.org/view.php?id=CVE-2011-1605
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su2, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCth39586. Vulnerabilidad no especificada en Cisco Unified Communications Manager (también conocido como CUCM o CallManager) v6.x antes de v6.1(5)su2, v7.x antes de v7.1(5b)su2, v8.0 antes de v8.0(3), y v8.5 antes de v8.5(1) permite a atacantes remotos provocar una denegación de servicio (fallo del proceso) a través de un mensaje SIP con formato incorrecto, también conocido como Bug ID CSCth39586. • http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html http://secunia.com/advisories/44331 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml http://www.securityfocus.com/bid/47610 http://www.securitytracker.com/id?1025449 http://www.vupen.com/english/advisories/2011/1122 https://exchange.xforce.ibmcloud.com/vulnerabilities/67123 •
CVSS: 7.1EPSS: 2%CPEs: 47EXPL: 0CVE-2011-1604
https://notcve.org/view.php?id=CVE-2011-1604
Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (memory consumption and process failure) via a malformed SIP message, aka Bug ID CSCti42904. Vulnerabilidad no especificada en Cisco Unified Communications Manager (también conocido como CUCM o CallManager) v6.x antes de v6.1(5)su2, v7.x antes de v7.1(5b)su2, v8.0 antes de v8.0(3), y v8.5 antes de v8.5(1) permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y fallo del proceso) a través de un mensaje SIP con formato incorrecto, también conocido como Bug ID CSCti42904. • http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html http://secunia.com/advisories/44331 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml http://www.securityfocus.com/bid/47609 http://www.securitytracker.com/id?1025449 http://www.vupen.com/english/advisories/2011/1122 https://exchange.xforce.ibmcloud.com/vulnerabilities/67122 • CWE-399: Resource Management Errors •
CVSS: 8.5EPSS: 0%CPEs: 45EXPL: 1CVE-2011-1609 – Cisco Unified Communications Manager 8.5 - 'xmldirectorylist.jsp' Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2011-1609
SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647. Vulnerabilidad de inyección SQL en Cisco Unified Communications Manager (también conocido como CUCM o CallManager) v6.x antes de v6.1(5)su2, v7.x antes de v7.1(5)su1, v8.0 antes de v8.0(3), y v8.5 antes de v8.5(1) permite a usuarios autenticados remotamente ejecutar comandos SQL a través de vectores no especificados, también conocido como error de identificación CSCtg85647. • https://www.exploit-db.com/exploits/35672 http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html http://secunia.com/advisories/44331 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml http://www.securityfocus.com/bid/47605 http://www.securitytracker.com/id?1025449 http://www.vupen.com/english/advisories/2011/1122 https://exchange.xforce.ibmcloud.com/vulnerabilities/67125 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •