CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1685 – Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-1685
21 Feb 2019 — A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful expl... • http://www.securityfocus.com/bid/107102 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15396 – Cisco Unity Connection File Upload Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-15396
05 Oct 2018 — A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affec... • http://www.securitytracker.com/id/1041782 • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15426 – Cisco Unity Connection Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2018-15426
05 Oct 2018 — A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the web-based interface to click a malicious link. A success... • http://www.securitytracker.com/id/1041781 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0354
https://notcve.org/view.php?id=CVE-2018-0354
07 Jun 2018 — A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's br... • http://www.securityfocus.com/bid/104426 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 0CVE-2017-6779
https://notcve.org/view.php?id=CVE-2017-6779
07 Jun 2018 — Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulner... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12212
https://notcve.org/view.php?id=CVE-2017-12212
07 Sep 2017 — A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the u... • http://www.securityfocus.com/bid/100645 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 0CVE-2017-6629
https://notcve.org/view.php?id=CVE-2017-6629
03 May 2017 — A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. Cisco Bug IDs: CSCvd90118. Una vulnerabilidad en el parámetro Ima... • http://www.securityfocus.com/bid/98286 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2016-1377
https://notcve.org/view.php?id=CVE-2016-1377
12 Apr 2016 — Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776. Vulnerabilidad de XSS en Cisco Unity Connection hasta la versión 11.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados, también conocida como Bug ID CSCus21776. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160412-unity • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 12%CPEs: 291EXPL: 0CVE-2015-6360 – libsrtp: improper handling of CSRC count and extension header length in RTP header
https://notcve.org/view.php?id=CVE-2015-6360
04 Apr 2016 — The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. La característica de procesado de cifrado en Cisco libSRTP en versiones anteriores a 1.5.3 permite a atacantes remotos provocar una denegación de servicio a través de campos manipulados en paquetes SRTP, también conocida como Bug ID CSCux00686. Randell Jesup and the Firefox team discovered that srtp, Cisco's reference implementation o... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1304
https://notcve.org/view.php?id=CVE-2016-1304
30 Jan 2016 — Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596. Vulnerabilidad de XSS en Cisco Unity Connection 10.5(2.3009) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un valor manipulado, también conocida como Bug ID CSCux82596. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-uc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •