CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6629
https://notcve.org/view.php?id=CVE-2017-6629
A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. Cisco Bug IDs: CSCvd90118. Una vulnerabilidad en el parámetro ImageID de Cisco Unity Connection 10.5 (2) podría permitir a un atacante remoto no autenticado acceder a archivos en ubicaciones arbitrarias en el sistema de archivos de un dispositivo afectado. • http://www.securityfocus.com/bid/98286 http://www.securitytracker.com/id/1038400 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cuc • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2016-1377
https://notcve.org/view.php?id=CVE-2016-1377
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776. Vulnerabilidad de XSS en Cisco Unity Connection hasta la versión 11.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados, también conocida como Bug ID CSCus21776. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160412-unity http://www.securitytracker.com/id/1035562 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 2%CPEs: 291EXPL: 0CVE-2015-6360 – libsrtp: improper handling of CSRC count and extension header length in RTP header
https://notcve.org/view.php?id=CVE-2015-6360
The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. La característica de procesado de cifrado en Cisco libSRTP en versiones anteriores a 1.5.3 permite a atacantes remotos provocar una denegación de servicio a través de campos manipulados en paquetes SRTP, también conocida como Bug ID CSCux00686. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp http://www.debian.org/security/2016/dsa-3539 http://www.securitytracker.com/id/1035636 http://www.securitytracker.com/id/1035637 http://www.securitytracker.com/id/1035648 http://www.securitytracker.com/id/1035649 http://www.securitytracker.com/id/1035650 http://www.securitytracker.com/id/1035651 http://www.securitytracker.com/id/1035652 https://access.redhat.com/security/cve/CVE-2015-6360 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1304
https://notcve.org/view.php?id=CVE-2016-1304
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596. Vulnerabilidad de XSS en Cisco Unity Connection 10.5(2.3009) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un valor manipulado, también conocida como Bug ID CSCux82596. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-uc http://www.securitytracker.com/id/1034868 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1300
https://notcve.org/view.php?id=CVE-2016-1300
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582. Vulnerabilidad de XSS en Cisco Unity Connection (UC) 10.5(2.3009) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, también conocida como Bug ID CSCux82582. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-uc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •