CVSS: 7.8EPSS: 2%CPEs: 291EXPL: 0CVE-2015-6360 – libsrtp: improper handling of CSRC count and extension header length in RTP header
https://notcve.org/view.php?id=CVE-2015-6360
The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. La característica de procesado de cifrado en Cisco libSRTP en versiones anteriores a 1.5.3 permite a atacantes remotos provocar una denegación de servicio a través de campos manipulados en paquetes SRTP, también conocida como Bug ID CSCux00686. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp http://www.debian.org/security/2016/dsa-3539 http://www.securitytracker.com/id/1035636 http://www.securitytracker.com/id/1035637 http://www.securitytracker.com/id/1035648 http://www.securitytracker.com/id/1035649 http://www.securitytracker.com/id/1035650 http://www.securitytracker.com/id/1035651 http://www.securitytracker.com/id/1035652 https://access.redhat.com/security/cve/CVE-2015-6360 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4294
https://notcve.org/view.php?id=CVE-2015-4294
Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766. Vulnerabilidad XSS en Cisco IM y Presence Service en versiones anteriores a 10.5 MR1, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios mediante la construcción de una URL manipulada que aprovecha un filtrado incompleto de elementos HTML, también conocida como Bug ID CSCut41766. • http://tools.cisco.com/security/center/viewAlert.x?alertId=40217 http://www.securitytracker.com/id/1033171 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-7991
https://notcve.org/view.php?id=CVE-2014-7991
The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376. El subsistema de acceso remoto móvil en Cisco Unified Communications Manager (CM) 10.0(1) y anteriores no valida correctamente el campo 'Subject Alternative Name' (SAN) de un certificado X.509, lo que permite a atacantes man-in.the-middle engañar el núcleo de los dispositivos VCS a través de un certificado manipulado por una Autoridad Certificadora, también conocido como ID CSCuq86376. • http://secunia.com/advisories/62267 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7991 http://tools.cisco.com/security/center/viewAlert.x?alertId=36381 http://www.securityfocus.com/bid/71013 http://www.securitytracker.com/id/1031181 https://exchange.xforce.ibmcloud.com/vulnerabilities/98574 • CWE-310: Cryptographic Issues •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2104
https://notcve.org/view.php?id=CVE-2014-2104
Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536, CSCum78526, CSCum69809, and CSCum63113. Múltiples vulnerabilidades de XSS en la página Business Voice Services Manager (BVSM) en Cisco Unified Communications Domain Manager 9.0(.1) permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de parámetros no especificados, también conocido como Bug IDs CSCum78536, CSCum78526, CSCum69809 y CSCum63113. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2104 http://tools.cisco.com/security/center/viewAlert.x?alertId=33111 http://www.securityfocus.com/bid/65869 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 18EXPL: 0CVE-2014-0743
https://notcve.org/view.php?id=CVE-2014-0743
The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468. El componente Certificate Authority Proxy Function (CAPF) en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a atacantes remotos evadir autenticación y modificar información de dispositivo registrado a través de datos manipulados, también conocido como Bug ID CSCum95468. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0743 http://tools.cisco.com/security/center/viewAlert.x?alertId=33044 http://www.securitytracker.com/id/1029843 • CWE-287: Improper Authentication •