Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-05 | CVE-2018-0421 | Missing Release of Resource after Effective Lifetime vulnerability in Cisco products A vulnerability in TCP connection management in Cisco Prime Access Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the application unexpectedly restarts. | 5.0 |
| 2018-10-05 | CVE-2018-0414 | XXE vulnerability in Cisco Secure Access Control Server Solution Engine A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. | 3.5 |
| 2018-10-05 | CVE-2018-0197 | Improper Input Validation vulnerability in Cisco IOS XE A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. | 3.3 |
| 2018-08-15 | CVE-2018-0428 | Improper Privilege Management vulnerability in Cisco web Security Appliance A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. | 7.2 |
| 2018-08-15 | CVE-2018-0427 | OS Command Injection vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module Dnac1.1 A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. | 9.0 |
| 2018-08-15 | CVE-2018-0419 | Improper Input Validation vulnerability in Cisco Email Security Appliance A vulnerability in certain attachment detection mechanisms of Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected system. | 4.3 |
| 2018-08-15 | CVE-2018-0418 | Improper Input Validation vulnerability in Cisco IOS XR A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.8 |
| 2018-08-15 | CVE-2018-0415 | 7PK - Errors vulnerability in Cisco products A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. | 5.5 |
| 2018-08-15 | CVE-2018-0412 | Unspecified vulnerability in Cisco products A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of the encryption algorithm that is used between an authenticator (access point) and a supplicant (Wi-Fi client). | 2.9 |
| 2018-08-15 | CVE-2018-0410 | Resource Exhaustion vulnerability in Cisco web Security Appliance A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. | 7.8 |