Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-05 | CVE-2018-15409 | Improper Input Validation vulnerability in Cisco products A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. | 7.8 |
| 2018-10-05 | CVE-2018-15408 | Improper Input Validation vulnerability in Cisco products A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. | 7.8 |
| 2018-10-05 | CVE-2018-15407 | Incomplete Cleanup vulnerability in Cisco Hyperflex HX Data Platform 3.0(1A) A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. | 5.5 |
| 2018-10-05 | CVE-2018-15406 | Cross-site Scripting vulnerability in Cisco UCS Director 6.6 A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. | 6.1 |
| 2018-10-05 | CVE-2018-15405 | Incorrect Authorization vulnerability in Cisco UCS Director 2.1(0.0)/6.6(1.0) A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. | 6.5 |
| 2018-10-05 | CVE-2018-15404 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco products A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. | 6.5 |
| 2018-10-05 | CVE-2018-15403 | Open Redirect vulnerability in Cisco products A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. | 5.4 |
| 2018-10-05 | CVE-2018-15401 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Hosted Collaboration Mediation Fulfillment 11.5(2)/11.5(3)/12.5(1) A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. | 6.5 |
| 2018-10-05 | CVE-2018-15400 | Cross-site Scripting vulnerability in Cisco Cloud Services Platform 2100 Firmware 2.3(0) A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2018-10-05 | CVE-2018-15399 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco products A vulnerability in the TCP syslog module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service (DoS) condition. | 6.8 |