Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-20 | CVE-2021-1250 | Cross-site Scripting vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. | 5.4 |
| 2021-01-20 | CVE-2021-1249 | Improper Input Validation vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. | 5.4 |
| 2021-01-20 | CVE-2021-1248 | SQL Injection vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. | 7.2 |
| 2021-01-20 | CVE-2021-1247 | SQL Injection vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. | 8.8 |
| 2021-01-20 | CVE-2021-1241 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. | 7.5 |
| 2021-01-20 | CVE-2021-1235 | Exposure of System Data to an Unauthorized Control Sphere vulnerability in Cisco Sd-Wan Vmanage 18.2.0 A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. | 4.9 |
| 2021-01-20 | CVE-2021-1233 | Improper Input Validation vulnerability in Cisco products A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. | 4.4 |
| 2021-01-20 | CVE-2021-1225 | SQL Injection vulnerability in Cisco Sd-Wan Vmanage 18.2.0 Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. | 6.4 |
| 2021-01-20 | CVE-2021-1222 | SQL Injection vulnerability in Cisco Smart Software Manager On-Prem 5.0/5.1.0 A vulnerability in the web-based management interface of Cisco Smart Software Manager Satellite could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. | 5.5 |
| 2021-01-20 | CVE-2021-1219 | Use of Hard-coded Credentials vulnerability in Cisco Smart Software Manager On-Prem 5.0/5.1.0 A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected system. | 4.6 |