CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2014-3380
https://notcve.org/view.php?id=CVE-2014-3380
Cisco Unified Communications Domain Manager Platform Software 4.4(.3) and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending crafted TCP packets quickly, aka Bug ID CSCuo42063. Cisco Unified Communications Domain Manager Platform Software 4.4(.3) y anteriores, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante el envío rápido de paquetes TCP manipulados, también conocido como Bug ID CSCuo42063. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3380 http://tools.cisco.com/security/center/viewAlert.x?alertId=35803 http://www.securityfocus.com/bid/70044 http://www.securitytracker.com/id/1030885 https://exchange.xforce.ibmcloud.com/vulnerabilities/96146 • CWE-399: Resource Management Errors •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3363
https://notcve.org/view.php?id=CVE-2014-3363
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443. Vulnerabilidad de XSS en el Framework web en Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) permite a usuarios remotos autenticados inyectar script web o HTML arbitrarios a través de un parámetro no especificado, también conocido como Bug ID CSCuq68443. • http://secunia.com/advisories/59105 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3363 http://tools.cisco.com/security/center/viewAlert.x?alertId=35672 http://www.securityfocus.com/bid/69739 http://www.securitytracker.com/id/1030836 https://exchange.xforce.ibmcloud.com/vulnerabilities/95882 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3338
https://notcve.org/view.php?id=CVE-2014-3338
The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491. El módulo CTIManager en Cisco Unified Communications Manager (CM) 10.0(1), cuando el inicio se sesión único (single sign-on) está habilitado, no valida debidamente los tokens Kerberos SSO, lo que permite a usuarios remotos autenticados ganar privilegios y ejecutar comandos arbitrarios a través de datos de tokens manipulados, también conocido como Bug ID CSCum95491. • http://secunia.com/advisories/60054 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3338 http://tools.cisco.com/security/center/viewAlert.x?alertId=35258 http://www.securityfocus.com/bid/69176 http://www.securitytracker.com/id/1030710 https://exchange.xforce.ibmcloud.com/vulnerabilities/95246 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3339
https://notcve.org/view.php?id=CVE-2014-3339
Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290. Múltiples vulnerabilidades de inyección SQL en la interfaz del web de administración en Cisco Unified Communications Manager (CM) y Cisco Unified Presence Server (CUPS) permiten a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de entradas manipuladas en páginas no especificadas, también conocido como Bug ID CSCup74290. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339 http://www.securityfocus.com/bid/69200 https://exchange.xforce.ibmcloud.com/vulnerabilities/95250 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-3337
https://notcve.org/view.php?id=CVE-2014-3337
The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that is not properly handled during processing of an XML document, aka Bug ID CSCtq76428. La implementación SIP en Cisco Unified Communications Manager (CM) 8.6(.2) y anteriores permite a usuarios remotos autenticados causar una denegación de servicio (caída del proceso) a través de un mensaje SIP manipulado que no se maneja debidamente durante el procesamiento de un documento XML, también conocido como Bug ID CSCtq76428. • http://secunia.com/advisories/60088 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3337 http://tools.cisco.com/security/center/viewAlert.x?alertId=35257 http://www.securityfocus.com/bid/69177 http://www.securitytracker.com/id/1030709 https://exchange.xforce.ibmcloud.com/vulnerabilities/95245 • CWE-20: Improper Input Validation •