CVE-2017-6791
https://notcve.org/view.php?id=CVE-2017-6791
A vulnerability in the Trust Verification Service (TVS) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) traffic by the affected software. An attacker could exploit this vulnerability by generating incomplete traffic streams. A successful exploit could allow the attacker to deny access to the TVS for an affected device, resulting in a DoS condition, until an administrator restarts the service. Known Affected Releases 10.0(1.10000.24) 10.5(2.10000.5) 11.0(1.10000.10) 9.1(2.10000.28). • http://www.securityfocus.com/bid/100662 http://www.securitytracker.com/id/1039286 https://quickview.cloudapps.cisco.com/quickview/bug/CSCux21905 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-ucm • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-1466
https://notcve.org/view.php?id=CVE-2016-1466
Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1, and 11.5(1) allows remote attackers to cause a denial of service (sipd process restart) via crafted headers in a SIP packet, aka Bug ID CSCva39072. Cisco Unified Communications Manager IM y Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1 y 11.5(1) permite a atacantes remotos provocar una denegación de servicio (reinicio del proceso sipd) a través de cabeceras manipuladas en un paquete SIP, también conocido como Bug ID CSCva39072. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-ucm http://www.securityfocus.com/bid/92271 http://www.securitytracker.com/id/1036526 • CWE-399: Resource Management Errors •
CVE-2015-6360 – libsrtp: improper handling of CSRC count and extension header length in RTP header
https://notcve.org/view.php?id=CVE-2015-6360
The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. La característica de procesado de cifrado en Cisco libSRTP en versiones anteriores a 1.5.3 permite a atacantes remotos provocar una denegación de servicio a través de campos manipulados en paquetes SRTP, también conocida como Bug ID CSCux00686. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp http://www.debian.org/security/2016/dsa-3539 http://www.securitytracker.com/id/1035636 http://www.securitytracker.com/id/1035637 http://www.securitytracker.com/id/1035648 http://www.securitytracker.com/id/1035649 http://www.securitytracker.com/id/1035650 http://www.securitytracker.com/id/1035651 http://www.securitytracker.com/id/1035652 https://access.redhat.com/security/cve/CVE-2015-6360 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-4294
https://notcve.org/view.php?id=CVE-2015-4294
Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766. Vulnerabilidad XSS en Cisco IM y Presence Service en versiones anteriores a 10.5 MR1, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios mediante la construcción de una URL manipulada que aprovecha un filtrado incompleto de elementos HTML, también conocida como Bug ID CSCut41766. • http://tools.cisco.com/security/center/viewAlert.x?alertId=40217 http://www.securitytracker.com/id/1033171 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-4221
https://notcve.org/view.php?id=CVE-2015-4221
Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and consequently execute arbitrary commands, by visiting an unspecified web page and then conducting a decryption attack, aka Bug ID CSCuq46194. Cisco Unified Communications Manager IM y Presence Service 9.1(1) no restringe correctamente el acceso a las contraseñas cifradas, lo que permite a atacantes remotos determinar contraseñas en texto claro, y como consecuencia ejecutar comandos arbitrarios, mediante la visita a una página web no especificada y posteriormente la realización de un ataque de descifrado, también conocido como Bug ID CSCuq46194. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39505 http://www.securityfocus.com/bid/75401 http://www.securitytracker.com/id/1032716 • CWE-264: Permissions, Privileges, and Access Controls •