Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-08 | CVE-2018-15437 | Resource Exhaustion vulnerability in Cisco products A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. | 2.1 |
| 2018-11-08 | CVE-2018-15394 | Unspecified vulnerability in Cisco Stealthwatch Enterprise A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. | 7.5 |
| 2018-11-08 | CVE-2018-15393 | Cross-site Scripting vulnerability in Cisco Content Security Management Appliance A vulnerability in the web-based management interface of Cisco Content Security Management Appliance (SMA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. | 4.3 |
| 2018-11-08 | CVE-2018-15381 | Deserialization of Untrusted Data vulnerability in Cisco Unity Express A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. | 10.0 |
| 2018-11-08 | CVE-2018-0284 | Unspecified vulnerability in Cisco products A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. | 4.0 |
| 2018-11-01 | CVE-2018-15454 | Improper Input Validation vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. | 8.6 |
| 2018-10-24 | CVE-2018-15442 | OS Command Injection vulnerability in Cisco Webex Meetings Desktop and Webex Productivity Tools A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. | 7.2 |
| 2018-10-17 | CVE-2018-15438 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 12.1 A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. | 4.3 |
| 2018-10-17 | CVE-2018-0443 | Improper Input Validation vulnerability in Cisco Wireless LAN Controller Software 8.2(151.0) A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 5.0 |
| 2018-10-17 | CVE-2018-0442 | Unspecified vulnerability in Cisco Wireless LAN Controller Software A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. | 5.0 |