CVSS: 7.8EPSS: 12%CPEs: 291EXPL: 0CVE-2015-6360 – libsrtp: improper handling of CSRC count and extension header length in RTP header
https://notcve.org/view.php?id=CVE-2015-6360
04 Apr 2016 — The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. La característica de procesado de cifrado en Cisco libSRTP en versiones anteriores a 1.5.3 permite a atacantes remotos provocar una denegación de servicio a través de campos manipulados en paquetes SRTP, también conocida como Bug ID CSCux00686. Randell Jesup and the Firefox team discovered that srtp, Cisco's reference implementation o... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4294
https://notcve.org/view.php?id=CVE-2015-4294
01 Aug 2015 — Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766. Vulnerabilidad XSS en Cisco IM y Presence Service en versiones anteriores a 10.5 MR1, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios mediante la construcción de una URL manipulada que aprovecha un filtrado incompleto... • http://tools.cisco.com/security/center/viewAlert.x?alertId=40217 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2014-7991
https://notcve.org/view.php?id=CVE-2014-7991
14 Nov 2014 — The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376. El subsistema de acceso remoto móvil en Cisco Unified Communications Manager (CM) 10.0(1) y anteriores no valida correctamente el campo 'Subject Alternativ... • http://secunia.com/advisories/62267 • CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2104
https://notcve.org/view.php?id=CVE-2014-2104
02 Mar 2014 — Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536, CSCum78526, CSCum69809, and CSCum63113. Múltiples vulnerabilidades de XSS en la página Business Voice Services Manager (BVSM) en Cisco Unified Communications Domain Manager 9.0(.1) permiten a atacantes remotos inyectar script Web o HTML arb... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2104 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2014-0740
https://notcve.org/view.php?id=CVE-2014-0740
27 Feb 2014 — Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701. Vulnerabilidad de CSRF en la interfaz Call Detail Records Analysis and Reporting (CAR) en el componente OS Administration en Cisco Unified Communicat... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0740 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 0CVE-2014-0741
https://notcve.org/view.php?id=CVE-2014-0741
27 Feb 2014 — The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461. La funcionalidad certificate-import en la implementación Certificate Authority Proxy Function (CAPF) CLI en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a usuarios locales leer o modificar archivos arbitra... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0741 • CWE-310: Cryptographic Issues •
CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 0CVE-2014-0742
https://notcve.org/view.php?id=CVE-2014-0742
27 Feb 2014 — The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464. La implementación Certificate Authority Proxy Function (CAPF) CLI en la funcionalidad de gestión CSR en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a usuarios locales leer o modificar archivos arbitrarios a... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0742 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 18EXPL: 0CVE-2014-0743
https://notcve.org/view.php?id=CVE-2014-0743
27 Feb 2014 — The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468. El componente Certificate Authority Proxy Function (CAPF) en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a atacantes remotos evadir autenticación y modificar información de dispositivo registrado a través de datos m... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0743 • CWE-287: Improper Authentication •
CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 0CVE-2014-0747
https://notcve.org/view.php?id=CVE-2014-0747
27 Feb 2014 — The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493. La implementación Certificate Authority Proxy Function (CAPF) CLI en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a usuarios locales inyectar comandos a través de programas CAPF no especificados, también conocido como Bug ID CSCum95493. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0747 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2014-0731
https://notcve.org/view.php?id=CVE-2014-0731
22 Feb 2014 — The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497. La administración del interfaz en Cisco Unified Communications Manager (Unified CM) 10.0(1) y versiones anteriores permite a atacantes remotos eludir la autenticación y leer archivos Java class a través de una petición directa, vulnerabilidad también conocida como Bug ID CSCum46497. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0731 • CWE-264: Permissions, Privileges, and Access Controls •