Vendor CVEs
Cisco Systems, Inc.
All CVEs
7,103 total · sorted by risk

| CVE | Sev | Risk | CVSS | EPSS | Published | Description | Vendor / Product | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-15458 | Med | 0.35 | 5.3 | 0.03 | Jan 10, 2019 | A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition.… | ||
| CVE-2018-0484 | Med | 0.35 | 5.3 | 0.01 | Jan 10, 2019 | A vulnerability in the access control logic of the Secure Shell (SSH) server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual routing and forwarding (VRF) instance despite the absence of the vrf-also keyword in the access-class configuration. The… | ||
| CVE-2018-0482 | Med | 0.35 | 5.4 | 0.01 | Jan 10, 2019 | A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to… | ||
| CVE-2018-15451 | Med | 0.35 | 5.4 | 0.01 | Nov 8, 2018 | A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient… | ||
| CVE-2018-15446 | Med | 0.35 | 5.3 | 0.02 | Nov 8, 2018 | A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper protections on data that is returned from user meeting requests when the Guest access via ID and passcode option… | ||
| CVE-2018-15402 | Med | 0.35 | 5.4 | 0.00 | Oct 17, 2018 | A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management… | ||
| CVE-2018-15395 | Med | 0.35 | 5.4 | 0.01 | Oct 17, 2018 | A vulnerability in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, adjacent attacker to gain network access to a Cisco TrustSec domain. Under normal circumstances, this access should be… | ||
| CVE-2018-0416 | Med | 0.35 | 5.3 | 0.03 | Oct 17, 2018 | A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation… | ||
| CVE-2018-15429 | Med | 0.35 | 5.3 | 0.01 | Oct 5, 2018 | A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An… | ||
| CVE-2018-15403 | Med | 0.35 | 5.4 | 0.01 | Oct 5, 2018 | A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web… | ||
| CVE-2018-0447 | Med | 0.35 | 5.3 | 0.02 | Oct 5, 2018 | A vulnerability in the anti-spam protection mechanisms of Cisco AsyncOS Software for the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass certain content filters on an affected device. The vulnerability is due to incomplete input and… | ||
| CVE-2018-0367 | Med | 0.35 | 5.4 | 0.01 | Aug 15, 2018 | A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The… | ||
| CVE-2018-0408 | Med | 0.35 | 5.4 | 0.01 | Aug 1, 2018 | A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an… | ||
| CVE-2018-0407 | Med | 0.35 | 5.4 | 0.01 | Aug 1, 2018 | A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the web-based management interface of an… | ||
| CVE-2018-0340 | Med | 0.35 | 5.4 | 0.01 | Jun 7, 2018 | A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is… | ||
| CVE-2018-0329 | Med | 0.35 | 5.3 | 0.02 | Jun 7, 2018 | A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due… | ||
| CVE-2018-0290 | Med | 0.35 | 5.3 | 0.02 | May 17, 2018 | A vulnerability in the TCP stack of Cisco SocialMiner could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the notification system. The vulnerability is due to faulty handling of new TCP connections to the affected application. An… | ||
| CVE-2018-0288 | Med | 0.35 | 5.3 | 0.03 | May 2, 2018 | A vulnerability in Cisco WebEx Recording Format (WRF) Player could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The… | ||
| CVE-2018-0286 | Med | 0.35 | 5.3 | 0.03 | May 2, 2018 | A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on affected system. The vulnerability is due to improper handling of malformed requests processed by the netconf… | ||
| CVE-2018-0245 | Med | 0.35 | 5.3 | 0.02 | May 2, 2018 | A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and… | ||
| CVE-2018-0273 | Med | 0.35 | 5.3 | 0.03 | Apr 19, 2018 | A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new… | ||
| CVE-2018-0260 | Med | 0.35 | 5.3 | 0.02 | Apr 19, 2018 | A vulnerability in the web interface of Cisco MATE Live could allow an unauthenticated, remote attacker to view and download the contents of certain web application virtual directories. The vulnerability is due to lack of proper input validation and authorization of HTTP… | ||
| CVE-2018-0254 | Med | 0.35 | 5.3 | 0.01 | Apr 19, 2018 | A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass configured file action policies if an Intelligent Application Bypass (IAB) with a drop percentage threshold is also configured. The vulnerability… | ||
| CVE-2018-0189 | Med | 0.35 | 5.3 | 0.01 | Mar 28, 2018 | A vulnerability in the Forwarding Information Base (FIB) code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, network attacker to cause a denial of service (DoS) condition. The vulnerability is due to a limitation in the way the FIB is internally… | ||
| CVE-2018-0198 | Med | 0.35 | 5.3 | 0.02 | Mar 27, 2018 | A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing… | ||
| CVE-2018-0220 | Med | 0.35 | 5.4 | 0.01 | Mar 8, 2018 | A vulnerability in the web-based management interface of Cisco Videoscape AnyRes Live could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due… | ||
| CVE-2018-0216 | Med | 0.35 | 5.4 | 0.01 | Mar 8, 2018 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to… | ||
| CVE-2018-0214 | Med | 0.35 | 5.3 | 0.01 | Mar 8, 2018 | A vulnerability in certain CLI commands of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with the privileges of the local user, aka Command Injection. These commands should have been… | ||
| CVE-2018-0208 | Med | 0.35 | 5.4 | 0.01 | Mar 8, 2018 | A vulnerability in the web-based management interface of the (cloud based) Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service.… | ||
| CVE-2018-0203 | Med | 0.35 | 5.3 | 0.02 | Feb 22, 2018 | A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages, aka a Mail Relay Vulnerability. The vulnerability is due to improper handling of domain information in the affected software. An… | ||
| CVE-2018-0201 | Med | 0.35 | 5.4 | 0.01 | Feb 22, 2018 | A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of input during web page generation. An… | ||
| CVE-2018-0146 | Med | 0.35 | 5.4 | 0.00 | Feb 22, 2018 | A vulnerability in the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to improper CSRF protection by the affected application.… | ||
| CVE-2017-5827 | Med | 0.35 | 5.4 | 0.01 | Feb 15, 2018 | A reflected cross site scripting vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. | ||
| CVE-2018-0138 | Med | 0.35 | 5.3 | 0.01 | Feb 8, 2018 | A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass file policies that are configured to block files transmitted to an affected device via the BitTorrent protocol. The vulnerability exists because… | ||
| CVE-2018-0134 | Med | 0.35 | 5.3 | 0.01 | Feb 8, 2018 | A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS server component returns different… | ||
| CVE-2018-0111 | Med | 0.35 | 5.3 | 0.02 | Jan 18, 2018 | A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due… | ||
| CVE-2018-0108 | Med | 0.35 | 5.3 | 0.02 | Jan 18, 2018 | A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity (XXE) injection. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance… | ||
| CVE-2018-0105 | Med | 0.35 | 5.3 | 0.02 | Jan 18, 2018 | A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing… | ||
| CVE-2017-12363 | Med | 0.35 | 5.3 | 0.02 | Nov 30, 2017 | A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affected system. The vulnerability is due to insufficient security settings on meetings. An attacker could exploit this vulnerability by… | ||
| CVE-2017-12358 | Med | 0.35 | 5.4 | 0.01 | Nov 30, 2017 | A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to… | ||
| CVE-2017-12357 | Med | 0.35 | 5.4 | 0.01 | Nov 30, 2017 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The… | ||
| CVE-2017-12355 | Med | 0.35 | 5.3 | 0.03 | Nov 30, 2017 | A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief… | ||
| CVE-2017-12354 | Med | 0.35 | 5.3 | 0.02 | Nov 30, 2017 | A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect system… | ||
| CVE-2017-12349 | Med | 0.35 | 5.4 | 0.01 | Nov 30, 2017 | Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface.… | ||
| CVE-2017-12348 | Med | 0.35 | 5.4 | 0.01 | Nov 30, 2017 | Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface.… | ||
| CVE-2017-12309 | Med | 0.35 | 5.3 | 0.02 | Nov 16, 2017 | A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker… | ||
| CVE-2017-12303 | Med | 0.35 | 5.3 | 0.02 | Nov 16, 2017 | A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured AMP file filtering rule. The file types affected are zipped or… | ||
| CVE-2017-12299 | Med | 0.35 | 5.3 | 0.01 | Nov 16, 2017 | A vulnerability exists in the process of creating default IP blocks during device initialization for Cisco ASA Next-Generation Firewall Services that could allow an unauthenticated, remote attacker to send traffic to the local IP address of the device, bypassing any filters that… | ||
| CVE-2017-12295 | Med | 0.35 | 5.3 | 0.02 | Nov 2, 2017 | A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due… | ||
| CVE-2017-12294 | Med | 0.35 | 5.4 | 0.01 | Nov 2, 2017 | A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the… |