Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-04 | CVE-2019-1884 | Improper Input Validation vulnerability in Cisco Asyncos and web Security Appliance A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 6.5 |
| 2019-07-04 | CVE-2019-1855 | Uncontrolled Search Path Element vulnerability in Cisco Jabber A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Jabber for Windows could allow an authenticated, local attacker to perform a DLL preloading attack. | 7.3 |
| 2019-06-27 | CVE-2019-1622 | Information Exposure Through Log Files vulnerability in Cisco Data Center Network Manager 11.0(1) A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. | 5.3 |
| 2019-06-27 | CVE-2019-1621 | Path Traversal vulnerability in Cisco Data Center Network Manager 11.0(1) A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. | 7.5 |
| 2019-06-27 | CVE-2019-1620 | Path Traversal vulnerability in Cisco Data Center Network Manager 11.0(1) A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. | 9.8 |
| 2019-06-27 | CVE-2019-1619 | Use of Hard-coded Credentials vulnerability in Cisco Data Center Network Manager 10.4(2) A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. | 9.8 |
| 2019-06-21 | CVE-2019-1904 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS XE 16.1.3/16.2.1/16.3.1 A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 8.8 |
| 2019-06-20 | CVE-2019-1906 | Improper Input Validation vulnerability in Cisco Prime Infrastructure 3.6 A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure (PI) could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege escalation. | 6.5 |
| 2019-06-20 | CVE-2019-1905 | Improper Input Validation vulnerability in Cisco Email Security Appliance 11.1.2/12.0.0 A vulnerability in the GZIP decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. | 5.8 |
| 2019-06-20 | CVE-2019-1903 | XXE vulnerability in Cisco Security Manager 4.14 A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. | 9.1 |