Skip to main content
CVE-2015-6289 HIGH Act Now

Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.7% and no vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 3.0
7.5
EPSS
11.7%
CVE-2016-1436 HIGH This Week

The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow Asr 5000 Software
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-1438 HIGH This Week

Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Asyncos
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-1435 HIGH This Week

Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014. Rated high severity (CVSS 7.0). No vendor patch available.

Cisco Privilege Escalation Ip Phone 8800 Series Firmware
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2016-1428 MEDIUM This Month

Double free vulnerability in Cisco IOS XE 3.15S, 3.16S, and 3.17S allows remote authenticated users to cause a denial of service (device restart) via a sequence of crafted SNMP read requests, aka Bug. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2016-1437 MEDIUM This Month

SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Prime Collaboration Deployment
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-1434 MEDIUM This Month

The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Ip Phone 8800 Series Firmware
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-0914 MEDIUM This Month

EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Documentum Administrator Documentum Capital Projects Documentum Taskspace Documentum Webtop
NVD
CVSS 3.0
6.3
EPSS
0.2%
CVE-2016-1439 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center Enterprise through 10.5(2) allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Contact Center Enterprise
NVD
CVSS 3.0
6.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy