Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-23 | CVE-2019-15287 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. | 7.8 |
| 2020-09-23 | CVE-2019-15289 | Improper Input Validation vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint Multiple vulnerabilities in the video service of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
| 2020-09-23 | CVE-2019-15959 | Improper Input Validation vulnerability in Cisco Spa500 Series IP Phones Firmware A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. | 6.6 |
| 2020-09-23 | CVE-2019-15969 | Cross-site Scripting vulnerability in Cisco web Security Appliance A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface of an affected device. | 6.1 |
| 2020-09-23 | CVE-2019-15993 | Improper Authentication vulnerability in Cisco products A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. | 5.3 |
| 2020-09-23 | CVE-2019-16000 | Insufficient Verification of Data Authenticity vulnerability in Cisco Umbrella Roaming Client 2.2.238 A vulnerability in the automatic update process of Cisco Umbrella Roaming Client for Windows could allow an authenticated, local attacker to install arbitrary, unapproved applications on a targeted device. | 4.4 |
| 2020-09-23 | CVE-2019-16004 | Missing Authentication for Critical Function vulnerability in Cisco Vision Dynamic Signage Director A vulnerability in the REST API endpoint of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected device. | 6.5 |
| 2020-09-23 | CVE-2019-16007 | Insufficient Verification of Data Authenticity vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthenticated, local attacker to perform a service hijack attack on an affected device or cause a denial of service (DoS) condition. | 7.1 |
| 2020-09-23 | CVE-2019-16009 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 8.8 |
| 2020-09-23 | CVE-2019-16017 | Improper Input Validation vulnerability in Cisco Unified Customer Voice Portal A vulnerability in the Operations, Administration, Maintenance and Provisioning (OAMP) OpsConsole Server for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to execute Insecure Direct Object Reference actions on specific pages within the OAMP application. | 6.8 |