CVSS: 7.8EPSS: 1%CPEs: 33EXPL: 0CVE-2012-3935
https://notcve.org/view.php?id=CVE-2012-3935
Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Communications Platform (aka Jabber XCP) before 5.3 allow remote attackers to cause a denial of service (process crash) via a crafted XMPP stream header, aka Bug ID CSCtu32832. Cisco Unified Presence (CUP) antes de v8.6 (3) y Jabber Extensible Communications Platform (también conocido como Jabber XCP) antes de v5.3, permite a atacantes remotos provocar una denegación de servicio (caída del proceso) a través de una cabecera XMPP modificada, también conocido como Bug ID CSCtu32832. • http://osvdb.org/85421 http://secunia.com/advisories/50562 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-cupxcp http://www.securitytracker.com/id?1027520 https://exchange.xforce.ibmcloud.com/vulnerabilities/78457 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3288
https://notcve.org/view.php?id=CVE-2011-3288
Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug IDs CSCtq89842 and CSCtq88547, a similar issue to CVE-2003-1564. Cisco Unified Presence antes de su versión v8.5(4) no detecta correctamente la recursividad durante la expansión de la entidad, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y CPU, y finalmente la caída del proceso) a través de un documento XML debidamente modificado que contiene un gran número de referencias a entidades anidadas. Se trata de un problema también conocido como Bug ID CSCtq89842 y CSCtq88547. Es un problema similar a CVE-2003-1564. • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d47.shtml https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20110928-xcpcupsxml.html • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 7.8EPSS: 2%CPEs: 12EXPL: 0CVE-2009-2874
https://notcve.org/view.php?id=CVE-2009-2874
The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows remote attackers to cause a denial of service (process crash) via a large number of TCP connections to ports 16200 and 22794, aka Bug ID CSCsy17662. El proceso TimesTenD en Cisco Unified Presence v1.x, v6.x anterior a v6.0(6), y v7.x anterior a v7.0(4), permite a atacantes remotos causar una denegación de servicio (cuelgue de proceso) a través de un gran número de conexiones TCP a los puertos 16200 y 22794, también conocido como Bug ID CSCsy17662. • http://secunia.com/advisories/37039 http://securitytracker.com/id?1023018 http://www.cisco.com/en/US/products/products_security_advisory09186a0080afc930.shtml http://www.securityfocus.com/bid/36675 http://www.vupen.com/english/advisories/2009/2915 https://exchange.xforce.ibmcloud.com/vulnerabilities/53772 •
CVSS: 7.8EPSS: 2%CPEs: 5EXPL: 0CVE-2008-1158
https://notcve.org/view.php?id=CVE-2008-1158
The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164. El servicio Presence Engine (PE) de Cisco Unified Presence versiones anteriores a 6.0(1) permite a atacantes remotos provocar una denegación de servicio (core dump e interrupción del servicio) a través de paquetes malformados, también conocido como Bug ID CSCsh50164. • http://secunia.com/advisories/30240 http://securitytracker.com/id?1020023 http://www.cisco.com/en/US/products/products_security_advisory09186a0080995682.shtml http://www.securityfocus.com/bid/29219 http://www.vupen.com/english/advisories/2008/1534 https://exchange.xforce.ibmcloud.com/vulnerabilities/42412 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 2%CPEs: 2EXPL: 0CVE-2008-1740
https://notcve.org/view.php?id=CVE-2008-1740
The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via an unspecified "stress test," aka Bug ID CSCsh20972. El servicio Presence Engine (PE) de Cisco Unified Presence versiones anteriores a 6.0(1) permite a atacantes remotos provocar una denegación de servicio (core dump e interrupción del servicio) a través de "pruebas de estrés" sin especificar, también conocido como Bug ID CSCsh20972. • http://secunia.com/advisories/30240 http://securitytracker.com/id?1020023 http://www.cisco.com/en/US/products/products_security_advisory09186a0080995682.shtml http://www.securityfocus.com/bid/29220 http://www.vupen.com/english/advisories/2008/1534 https://exchange.xforce.ibmcloud.com/vulnerabilities/42412 • CWE-20: Improper Input Validation •