CVEs (238)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Cisco 14Adaptive Security Appliance Software Dx Series Ip Phones FirmwareIos Xe+11 moreMay 6, 2026 Apr 21, 2016 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. |
1Cisco 1Unified Communications Manager May 6, 2026 Jan 8, 2016 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767. |
1Cisco 1Unified Communications Manager May 6, 2026 Dec 16, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CS...Show more |
1Cisco 1Unified Communications Manager May 6, 2026 Dec 15, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266. |
1Cisco 1Unified Communications Manager May 6, 2026 Aug 1, 2015 N/A· v4 N/A· v3 4.0 MEDIUM· v2 The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID C...Show more |
1Cisco 1Unified Communications Manager May 6, 2026 Jul 14, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a cr...Show more |
1Cisco 1Unified Communications Manager May 6, 2026 Jul 14, 2015 N/A· v4 N/A· v3 4.0 MEDIUM· v2 The Tomcat throttling feature in Cisco Unified Communications Manager 10.5(1.99995.9) allows remote authenticated users to cause a denial of service (management outage) by sending many requests, aka Bug ID CSCuu99709. |
Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800. |
1Cisco 1Unified Communications Manager May 6, 2026 May 16, 2015 N/A· v4 N/A· v3 6.9 MEDIUM· v2 Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546. |
1Cisco 1Unified Communications Manager May 6, 2026 Jan 22, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API com...Show more |
1Cisco 1Unified Communications Manager May 6, 2026 Nov 14, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-mid...Show more |
1Cisco 1Unified Communications Manager May 6, 2026 Oct 31, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified paramet...Show more |
1Cisco 1Unified Communications Manager May 6, 2026 Oct 31, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameter...Show more |
1Cisco 1Unified Communications Manager May 6, 2026 Oct 31, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unsp...Show more |
1Cisco 1Unified Communications Manager May 6, 2026 Oct 31, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified paramet...Show more |
1Cisco 1Unified Communications Manager May 6, 2026 Oct 31, 2014 N/A· v4 N/A· v3 6.5 MEDIUM· v2 SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089. |
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified para...Show more |
The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and e...Show more |
1Cisco 1Unified Communications Manager May 6, 2026 Aug 11, 2014 N/A· v4 N/A· v3 4.0 MEDIUM· v2 Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug...Show more |
1Cisco 1Unified Communications Manager May 6, 2026 Jul 14, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup...Show more |