CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2016-1377
https://notcve.org/view.php?id=CVE-2016-1377
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776. Vulnerabilidad de XSS en Cisco Unity Connection hasta la versión 11.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados, también conocida como Bug ID CSCus21776. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160412-unity http://www.securitytracker.com/id/1035562 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 2%CPEs: 291EXPL: 0CVE-2015-6360 – libsrtp: improper handling of CSRC count and extension header length in RTP header
https://notcve.org/view.php?id=CVE-2015-6360
The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. La característica de procesado de cifrado en Cisco libSRTP en versiones anteriores a 1.5.3 permite a atacantes remotos provocar una denegación de servicio a través de campos manipulados en paquetes SRTP, también conocida como Bug ID CSCux00686. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp http://www.debian.org/security/2016/dsa-3539 http://www.securitytracker.com/id/1035636 http://www.securitytracker.com/id/1035637 http://www.securitytracker.com/id/1035648 http://www.securitytracker.com/id/1035649 http://www.securitytracker.com/id/1035650 http://www.securitytracker.com/id/1035651 http://www.securitytracker.com/id/1035652 https://access.redhat.com/security/cve/CVE-2015-6360 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1304
https://notcve.org/view.php?id=CVE-2016-1304
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596. Vulnerabilidad de XSS en Cisco Unity Connection 10.5(2.3009) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un valor manipulado, también conocida como Bug ID CSCux82596. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-uc http://www.securitytracker.com/id/1034868 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1300
https://notcve.org/view.php?id=CVE-2016-1300
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582. Vulnerabilidad de XSS en Cisco Unity Connection (UC) 10.5(2.3009) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, también conocida como Bug ID CSCux82582. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-uc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7988
https://notcve.org/view.php?id=CVE-2014-7988
The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and earlier allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCur06493. Unified Messaging Service (UMS) en Cisco Unity Connection 10.5 y anteriores permite a usuarios remotos autenticados obtener información sensible mediante la lectura de ficheros del registro, también conocido como Bug ID CSCur06493. • http://secunia.com/advisories/62106 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7988 http://tools.cisco.com/security/center/viewAlert.x?alertId=36340 http://www.securitytracker.com/id/1031177 https://exchange.xforce.ibmcloud.com/vulnerabilities/98493 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •