Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-07 | CVE-2024-20255 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Expressway 14.0/14.0.7 A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. | 7.1 |
| 2024-02-07 | CVE-2024-20290 | Out-of-bounds Read vulnerability in multiple products A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. | 7.5 |
| 2024-01-26 | CVE-2024-20253 | Unspecified vulnerability in Cisco products A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. | 10.0 |
| 2024-01-26 | CVE-2024-20263 | Unspecified vulnerability in Cisco products A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. | 7.2 |
| 2024-01-26 | CVE-2024-20305 | Cross-site Scripting vulnerability in Cisco Unity Connection A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 4.8 |
| 2024-01-17 | CVE-2023-20257 | Cross-site Scripting vulnerability in Cisco Prime Infrastructure A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct cross-site scripting attacks. | 4.8 |
| 2024-01-17 | CVE-2023-20258 | Unspecified vulnerability in Cisco Prime Infrastructure A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. | 7.2 |
| 2024-01-17 | CVE-2023-20260 | Argument Injection or Modification vulnerability in Cisco Prime Infrastructure A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, local attacker to gain escalated privileges. | 6.7 |
| 2024-01-17 | CVE-2023-20271 | SQL Injection vulnerability in Cisco Prime Infrastructure A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. | 6.5 |
| 2024-01-17 | CVE-2024-20251 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. | 5.4 |