CVE-2016-1331
https://notcve.org/view.php?id=CVE-2016-1331
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 11.5(0.99833.5) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy10766. Múltiples vulnerabilidades de XSS en Cisco Emergency Responder 11.5(0.99833.5) permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados, también conocido como Bug ID CSCuy10766. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160215-er http://www.securitytracker.com/id/1035012 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-1319
https://notcve.org/view.php?id=CVE-2016-1319
Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958. Cisco Unified Communications Manager (también conocido como CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1) y 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); y Unity Connection 10.5(2) almacena una clave de cifrado en texto plano, que permite a usuarios locales obtener información sensible a través de vectores no especificados, también conocido como Bug ID CSCuv85958. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-ucm http://www.securitytracker.com/id/1034958 http://www.securitytracker.com/id/1034959 http://www.securitytracker.com/id/1034960 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-1302
https://notcve.org/view.php?id=CVE-2016-1302
Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998. Dispositivos Cisco Application Policy Infrastructure Controller (APIC) con software anterior a 1.0(3h) y 1.1 en versiones anteriores a 1.1(1j) y switches Nexus 9000 ACI Mode con software anterior a 11.0(3h) y 11.1 en versiones anteriores a 11.1(1j) permite a usuarios remotos autenticados eludir las restricciones destinadas RBAC a través de peticiones REST manipuladas, también conocido como Bug ID CSCut12998. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-apic http://www.securitytracker.com/id/1034925 • CWE-284: Improper Access Control •
CVE-2016-1306
https://notcve.org/view.php?id=CVE-2016-1306
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Director 1.0(0) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466. Múltiples vulnerabilidades de XSS en Cisco Fog Director 1.0(0) permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un parámetro manipulado, también conocida como Bug ID CSCux80466. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-fd • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-1310
https://notcve.org/view.php?id=CVE-2016-1310
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 11.5(0.199) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy09033. Vulnerabilidad de XSS en Cisco Unity Connection 11.5(0.199) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, también conocida como Bug ID CSCuy09033. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-uc http://www.securitytracker.com/id/1034937 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •