Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2020-02-19 CVE-2020-3114 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Data Center Network Manager
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
network
cisco CWE-352
6.8
6.8
2020-02-19 CVE-2020-3113 Cross-site Scripting vulnerability in Cisco Data Center Network Manager
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface.
network
cisco CWE-79
3.5
3.5
2020-02-19 CVE-2020-3112 Improper Privilege Management vulnerability in Cisco Data Center Network Manager
A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to elevate privileges on the application.
network
low complexity
cisco CWE-269
6.5
6.5
2020-02-19 CVE-2019-1950 Insecure Default Initialization of Resource vulnerability in Cisco IOS XE
A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device.
local
low complexity
cisco CWE-1188
8.4
8.4
2020-02-19 CVE-2015-0749 Cross-site Scripting vulnerability in Cisco Unified Communications Manager
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software.
network
cisco CWE-79
4.3
4.3
2020-02-19 CVE-2011-2054 Improper Authentication vulnerability in Cisco products
A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct.
network
cisco CWE-287
6.0
6.0
2020-02-12 CVE-2011-4661 Missing Release of Resource after Effective Lifetime vulnerability in Cisco IOS
A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to a memory leak in the HTTP PROXY Server process (aka CSCtu52820), when configured with Cisco ISR Web Security with Cisco ScanSafe and User Authenticaiton NTLM configured.
network
cisco CWE-772
4.3
4.3
2020-02-07 CVE-2013-1202 Unspecified vulnerability in Cisco ACE Application Control Engine Module A2 3.6/3.6A
Cisco ACE A2(3.6) allows log retention DoS.
network
low complexity
cisco
5.0
5.0
2020-02-06 CVE-2013-3568 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Linksys Wrt110 Firmware
Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
network
cisco CWE-352
6.8
6.8
2020-02-06 CVE-2013-2684 Cross-site Scripting vulnerability in Cisco Linksys E4200 Firmware 1.0.05
Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
cisco CWE-79
4.3
4.3