CVSS: 7.8EPSS: 12%CPEs: 65EXPL: 0CVE-2015-0718
https://notcve.org/view.php?id=CVE-2015-0718
03 Mar 2016 — Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579. Cisco NX-OS 4.0 hasta la versión 6.1 en dispositivos Nexus 1000V 3000, 4000, 5000, 6000 y 7000 y plataformas Unified Computing System (UCS) permite a atancantes remotos causar una denegación de servicio (recarga... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 3%CPEs: 14EXPL: 0CVE-2016-1329
https://notcve.org/view.php?id=CVE-2016-1329
03 Mar 2016 — Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800. Cisco NX-OS 6.0(2)U6(1) hasta la versión 6.0(2)U6(5) en dispositivos Nexus 3000 y 6.0(2)A6(1) hasta la versión 6.0(2)A6(5) y 6.0(2)A7(1) en dispositivos Nexus 3500 tiene credenciales embebidas, lo que permite a atacantes remotos ... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1317
https://notcve.org/view.php?id=CVE-2016-1317
09 Feb 2016 — Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098. Cisco Unified Communications Manager 11.5(0.98000.480) permite a usuarios remotos autenticados obtener información sensible de la base de datos table-name y entity-name a través de una petición directa a una URL no especificada, también conocido como Bug ID CSCuy11098. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-201600208-ucm • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2016-1319
https://notcve.org/view.php?id=CVE-2016-1319
09 Feb 2016 — Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958. Cisco Unified Communications Manager (también conocido como CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-ucm • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6398
https://notcve.org/view.php?id=CVE-2015-6398
07 Feb 2016 — Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512. Switches Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode con software anterior a 11.0(1c) permite a atacantes remotos provocar una denegación de servicio (recarga de dispositivo) a través de un paquete IPv4 ICMP con la opción IP Record Route, tamb... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-n9knci • CWE-399: Resource Management Errors •
CVSS: 9.0EPSS: 0%CPEs: 25EXPL: 0CVE-2016-1302
https://notcve.org/view.php?id=CVE-2016-1302
07 Feb 2016 — Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998. Dispositivos Cisco Application Policy Infrastructure Controller (APIC) con software anterior a 1.0(3h) y 1.1 en versiones anteriores a 1.1(1j) y switches Nexus 9000 ACI Mode con software... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-apic • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1307
https://notcve.org/view.php?id=CVE-2016-1307
07 Feb 2016 — The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085. El servidor Openfire en Cisco Finesse Desktop 10.5(1) y 11.0(1) y Unified Contact Center Express 10.6(1) tiene una cuenta embebida, lo que hace más fácil para atacantes remotos obtener acceso a través de una sesión XMPP, también conocido como Bug ID CSCuw79085. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce • CWE-255: Credentials Management Errors CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5988
https://notcve.org/view.php?id=CVE-2015-5988
31 Dec 2015 — The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. La interfaz de gestión web en dispositivos Belkin F9K1102 2 con firmware 2.10.17 tiene una contraseña en blanco, lo que permite a atacantes remotos obtener privilegios administrativos aprovechando una sesión LAN. • https://www.kb.cert.org/vuls/id/201168 • CWE-255: Credentials Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5990
https://notcve.org/view.php?id=CVE-2015-5990
31 Dec 2015 — Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users. Vulnerabilidad de CSRF en dispositivos Belkin F9K1102 2 con firmware 2.10.17 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios • https://www.kb.cert.org/vuls/id/201168 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2015-5989
https://notcve.org/view.php?id=CVE-2015-5989
31 Dec 2015 — Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values. Dispositivos Belkin F9K1102 2 con firmware 2.10.17 confia en el código JavaScript del lado del cliente para autorización, lo que permite a atacantes remotos obtener privilegios administrativos a través de ciertos cambios en los valores LockStatus y Login_Success. • https://www.kb.cert.org/vuls/id/201168 • CWE-264: Permissions, Privileges, and Access Controls •