Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-24 | CVE-2018-15465 | Incorrect Authorization vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. | 8.1 |
| 2018-12-23 | CVE-2018-20392 | Insufficiently Protected Credentials vulnerability in Cisco Dpc2100 Firmware 2.0.2R1256060303 S-A WebSTAR DPC2100 v2.0.2r1256-060303 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 9.8 |
| 2018-12-04 | CVE-2018-0468 | Use of Hard-coded Credentials vulnerability in Cisco Energy Management Suite 5.2 A vulnerability in the configuration of a local database installed as part of the Cisco Energy Management Suite (CEMS) could allow an authenticated, local attacker to access and alter confidential data. | 7.8 |
| 2018-11-28 | CVE-2018-15441 | SQL Injection vulnerability in Cisco Prime License Manager 11.0.1/11.5/11.5(1) A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. | 9.8 |
| 2018-11-13 | CVE-2018-15452 | Uncontrolled Search Path Element vulnerability in Cisco Advanced Malware Protection for Endpoints A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or take other actions to prevent detection of unauthorized intrusions. | 6.7 |
| 2018-11-08 | CVE-2018-15451 | Cross-site Scripting vulnerability in Cisco Prime Service Catalog 12.1 A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. | 5.4 |
| 2018-11-08 | CVE-2018-15450 | Path Traversal vulnerability in Cisco Prime Collaboration 12.1 A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. | 6.5 |
| 2018-11-08 | CVE-2018-15449 | Improper Input Validation vulnerability in Cisco Video Surveillance Media Server A vulnerability in the web-based management interface of Cisco Video Surveillance Media Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the web-based management interface of an affected system. | 6.5 |
| 2018-11-08 | CVE-2018-15448 | Unspecified vulnerability in Cisco Registered Envelope Service A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. | 7.5 |
| 2018-11-08 | CVE-2018-15447 | SQL Injection vulnerability in Cisco Integrated Management Controller A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. | 9.8 |