CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2017-6791
https://notcve.org/view.php?id=CVE-2017-6791
07 Sep 2017 — A vulnerability in the Trust Verification Service (TVS) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) traffic by the affected software. An attacker could exploit this vulnerability by generating incomplete traffic streams. A successful exploit could allow the attacker to deny access to the TVS for an affected device, res... • http://www.securityfocus.com/bid/100662 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2016-1466
https://notcve.org/view.php?id=CVE-2016-1466
08 Aug 2016 — Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1, and 11.5(1) allows remote attackers to cause a denial of service (sipd process restart) via crafted headers in a SIP packet, aka Bug ID CSCva39072. Cisco Unified Communications Manager IM y Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1 y 11.5(1) permite a atacantes remotos provocar una denegación de servicio (reinicio del pro... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-ucm • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 12%CPEs: 291EXPL: 0CVE-2015-6360 – libsrtp: improper handling of CSRC count and extension header length in RTP header
https://notcve.org/view.php?id=CVE-2015-6360
04 Apr 2016 — The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. La característica de procesado de cifrado en Cisco libSRTP en versiones anteriores a 1.5.3 permite a atacantes remotos provocar una denegación de servicio a través de campos manipulados en paquetes SRTP, también conocida como Bug ID CSCux00686. Randell Jesup and the Firefox team discovered that srtp, Cisco's reference implementation o... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4294
https://notcve.org/view.php?id=CVE-2015-4294
01 Aug 2015 — Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766. Vulnerabilidad XSS en Cisco IM y Presence Service en versiones anteriores a 10.5 MR1, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios mediante la construcción de una URL manipulada que aprovecha un filtrado incompleto... • http://tools.cisco.com/security/center/viewAlert.x?alertId=40217 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4221
https://notcve.org/view.php?id=CVE-2015-4221
26 Jun 2015 — Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and consequently execute arbitrary commands, by visiting an unspecified web page and then conducting a decryption attack, aka Bug ID CSCuq46194. Cisco Unified Communications Manager IM y Presence Service 9.1(1) no restringe correctamente el acceso a las contraseñas cifradas, lo que permite a atacantes remotos determinar ... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39505 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4222
https://notcve.org/view.php?id=CVE-2015-4222
26 Jun 2015 — SQL injection vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq46325. Vulnerabilidad de inyección SQL en Cisco Unified Communications Manager IM y Presence Service 9.1(1) permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados, también conocido como Bug ID CSCuq46325. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39506 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8000
https://notcve.org/view.php?id=CVE-2014-8000
21 Nov 2014 — Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497. Cisco Unified Communications Manager IM and Presence Service 9.1(1) produce mensajes de retorno diferentes para peticiones URL en función de si existe un nombre de usuario, lo que permite a atacantes remotos enumerar las cuentas de usuario a tr... • http://secunia.com/advisories/62558 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2014-7991
https://notcve.org/view.php?id=CVE-2014-7991
14 Nov 2014 — The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376. El subsistema de acceso remoto móvil en Cisco Unified Communications Manager (CM) 10.0(1) y anteriores no valida correctamente el campo 'Subject Alternativ... • http://secunia.com/advisories/62267 • CWE-310: Cryptographic Issues •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3363
https://notcve.org/view.php?id=CVE-2014-3363
12 Sep 2014 — Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443. Vulnerabilidad de XSS en el Framework web en Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) permite a usuarios remotos autenticados inyectar script web o HTML arbitrarios a través de un parámetro no especificado, también conocido como Bug ID CSCuq684... • http://secunia.com/advisories/59105 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2014-0740
https://notcve.org/view.php?id=CVE-2014-0740
27 Feb 2014 — Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701. Vulnerabilidad de CSRF en la interfaz Call Detail Records Analysis and Reporting (CAR) en el componente OS Administration en Cisco Unified Communicat... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0740 • CWE-352: Cross-Site Request Forgery (CSRF) •