Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-05 | CVE-2018-15430 | Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server X7.2.4/X8.10.4/X8.9.2 A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. | 6.5 |
| 2018-10-05 | CVE-2018-15429 | Missing Authorization vulnerability in Cisco Hyperflex HX Data Platform 2.6(1D)/3.0(1A) A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. | 5.0 |
| 2018-10-05 | CVE-2018-15428 | Improper Input Validation vulnerability in Cisco IOS XR A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 4.3 |
| 2018-10-05 | CVE-2018-15427 | Use of Hard-coded Credentials vulnerability in Cisco Video Surveillance Manager 7.10/7.11/7.11.1 A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has default, static user credentials. | 10.0 |
| 2018-10-05 | CVE-2018-15426 | Cross-site Scripting vulnerability in Cisco Unity Connection Vmo11.5(1) A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. | 3.5 |
| 2018-10-05 | CVE-2018-15425 | Deserialization of Untrusted Data vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server. | 6.5 |
| 2018-10-05 | CVE-2018-15424 | Unrestricted Upload of File with Dangerous Type vulnerability in Cisco Identity Services Engine 2.2(0.470) A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server. | 6.5 |
| 2018-10-05 | CVE-2018-15423 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Cisco Hyperflex HX Data Platform 2.6(1D)/3.0(1A) A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. | 4.3 |
| 2018-10-05 | CVE-2018-15422 | Out-of-bounds Write vulnerability in Cisco products A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. | 9.3 |
| 2018-10-05 | CVE-2018-15421 | Out-of-bounds Write vulnerability in Cisco products A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. | 9.3 |