Cisco Systems, Inc.

All CVEs

7,103 total · sorted by risk
  • CVE-2018-15458 · Med · Jan 10, 2019
    risk 0.35 · cvss 5.3 · epss 0.03

    A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition.…

  • CVE-2018-0484 · Med · Jan 10, 2019
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the access control logic of the Secure Shell (SSH) server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual routing and forwarding (VRF) instance despite the absence of the vrf-also keyword in the access-class configuration. The…

  • CVE-2018-0482 · Med · Jan 10, 2019
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to…

  • CVE-2018-15451 · Med · Nov 8, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient…

  • CVE-2018-15446 · Med · Nov 8, 2018
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper protections on data that is returned from user meeting requests when the Guest access via ID and passcode option…

  • CVE-2018-15402 · Med · Oct 17, 2018
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management…

  • CVE-2018-15395 · Med · Oct 17, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, adjacent attacker to gain network access to a Cisco TrustSec domain. Under normal circumstances, this access should be…

  • CVE-2018-0416 · Med · Oct 17, 2018
    risk 0.35 · cvss 5.3 · epss 0.03

    A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation…

  • CVE-2018-15429 · Med · Oct 5, 2018
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An…

  • CVE-2018-15403 · Med · Oct 5, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web…

  • CVE-2018-0447 · Med · Oct 5, 2018
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the anti-spam protection mechanisms of Cisco AsyncOS Software for the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass certain content filters on an affected device. The vulnerability is due to incomplete input and…

  • CVE-2018-0367 · Med · Aug 15, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The…

  • CVE-2018-0408 · Med · Aug 1, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an…

  • CVE-2018-0407 · Med · Aug 1, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the web-based management interface of an…

  • CVE-2018-0340 · Med · Jun 7, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is…

  • CVE-2018-0329 · Med · Jun 7, 2018
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due…

  • CVE-2018-0290 · Med · May 17, 2018
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the TCP stack of Cisco SocialMiner could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the notification system. The vulnerability is due to faulty handling of new TCP connections to the affected application. An…

  • CVE-2018-0288 · Med · May 2, 2018
    risk 0.35 · cvss 5.3 · epss 0.03

    A vulnerability in Cisco WebEx Recording Format (WRF) Player could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The…

  • CVE-2018-0286 · Med · May 2, 2018
    risk 0.35 · cvss 5.3 · epss 0.03

    A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on affected system. The vulnerability is due to improper handling of malformed requests processed by the netconf…

  • CVE-2018-0245 · Med · May 2, 2018
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and…

  • CVE-2018-0273 · Med · Apr 19, 2018
    risk 0.35 · cvss 5.3 · epss 0.03

    A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new…

  • CVE-2018-0260 · Med · Apr 19, 2018
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the web interface of Cisco MATE Live could allow an unauthenticated, remote attacker to view and download the contents of certain web application virtual directories. The vulnerability is due to lack of proper input validation and authorization of HTTP…

  • CVE-2018-0254 · Med · Apr 19, 2018
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass configured file action policies if an Intelligent Application Bypass (IAB) with a drop percentage threshold is also configured. The vulnerability…

  • CVE-2018-0189 · Med · Mar 28, 2018
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the Forwarding Information Base (FIB) code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, network attacker to cause a denial of service (DoS) condition. The vulnerability is due to a limitation in the way the FIB is internally…

  • CVE-2018-0198 · Med · Mar 27, 2018
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing…

  • CVE-2018-0220 · Med · Mar 8, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Videoscape AnyRes Live could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due…

  • CVE-2018-0216 · Med · Mar 8, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to…

  • CVE-2018-0214 · Med · Mar 8, 2018
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in certain CLI commands of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with the privileges of the local user, aka Command Injection. These commands should have been…

  • CVE-2018-0208 · Med · Mar 8, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of the (cloud based) Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service.…

  • CVE-2018-0203 · Med · Feb 22, 2018
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages, aka a Mail Relay Vulnerability. The vulnerability is due to improper handling of domain information in the affected software. An…

  • CVE-2018-0201 · Med · Feb 22, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of input during web page generation. An…

  • CVE-2018-0146 · Med · Feb 22, 2018
    risk 0.35 · cvss 5.4 · epss 0.00

    A vulnerability in the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to improper CSRF protection by the affected application.…

  • CVE-2017-5827 · Med · Feb 15, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    A reflected cross site scripting vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

  • CVE-2018-0138 · Med · Feb 8, 2018
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass file policies that are configured to block files transmitted to an affected device via the BitTorrent protocol. The vulnerability exists because…

  • CVE-2018-0134 · Med · Feb 8, 2018
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS server component returns different…

  • CVE-2018-0111 · Med · Jan 18, 2018
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due…

  • CVE-2018-0108 · Med · Jan 18, 2018
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity (XXE) injection. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance…

  • CVE-2018-0105 · Med · Jan 18, 2018
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing…

  • CVE-2017-12363 · Med · Nov 30, 2017
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affected system. The vulnerability is due to insufficient security settings on meetings. An attacker could exploit this vulnerability by…

  • CVE-2017-12358 · Med · Nov 30, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to…

  • CVE-2017-12357 · Med · Nov 30, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The…

  • CVE-2017-12355 · Med · Nov 30, 2017
    risk 0.35 · cvss 5.3 · epss 0.03

    A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief…

  • CVE-2017-12354 · Med · Nov 30, 2017
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect system…

  • CVE-2017-12349 · Med · Nov 30, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface.…

  • CVE-2017-12348 · Med · Nov 30, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface.…

  • CVE-2017-12309 · Med · Nov 16, 2017
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker…

  • CVE-2017-12303 · Med · Nov 16, 2017
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured AMP file filtering rule. The file types affected are zipped or…

  • CVE-2017-12299 · Med · Nov 16, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability exists in the process of creating default IP blocks during device initialization for Cisco ASA Next-Generation Firewall Services that could allow an unauthenticated, remote attacker to send traffic to the local IP address of the device, bypassing any filters that…

  • CVE-2017-12295 · Med · Nov 2, 2017
    risk 0.35 · cvss 5.3 · epss 0.02

    A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due…

  • CVE-2017-12294 · Med · Nov 2, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the…
