Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-10 | CVE-2018-15456 | Insufficiently Protected Credentials vulnerability in Cisco Identity Services Engine A vulnerability in the Admin Portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to view saved passwords in plain text. | 4.9 |
| 2019-01-10 | CVE-2018-15453 | Out-of-bounds Write vulnerability in Cisco Email Security Appliance Firmware 11.0.1401/11.1.0131 A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an affected device to corrupt system memory. | 8.6 |
| 2019-01-10 | CVE-2018-0484 | Unspecified vulnerability in Cisco IOS 16.6.2/16.6.4 A vulnerability in the access control logic of the Secure Shell (SSH) server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual routing and forwarding (VRF) instance despite the absence of the vrf-also keyword in the access-class configuration. | 6.5 |
| 2019-01-10 | CVE-2018-0483 | Cross-site Scripting vulnerability in Cisco Jabber 10.0(0) A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. | 5.4 |
| 2019-01-10 | CVE-2018-0482 | Cross-site Scripting vulnerability in Cisco Prime Infrastructure 3.5(0.0) A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. | 5.4 |
| 2019-01-10 | CVE-2018-0474 | Insufficiently Protected Credentials vulnerability in Cisco Unified Communications Manager 10.5(2.14076.1) A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. | 8.8 |
| 2019-01-10 | CVE-2018-0461 | Code Injection vulnerability in Cisco IP Phone 8800 Series Firmware 12.5(1) A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. | 8.8 |
| 2019-01-10 | CVE-2018-0449 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Jabber 12.1(0) A vulnerability in the Cisco Jabber Client Framework (JCF) software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to corrupt arbitrary files on an affected device that has elevated privileges. | 4.2 |
| 2019-01-10 | CVE-2018-0282 | Unspecified vulnerability in Cisco IOS and IOS XE A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. | 6.8 |
| 2019-01-10 | CVE-2018-0181 | Missing Authentication for Critical Function vulnerability in Cisco products A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. | 9.8 |