Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2018-08-15 CVE-2018-0409 Out-of-bounds Read vulnerability in Cisco products
A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM&P users, resulting in a denial of service (DoS) condition.
Risk: network, low complexity, cisco CWE-125, 5.0
2018-08-15 CVE-2018-0386 Cross-site Scripting vulnerability in Cisco products
A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system.
Risk: network, cisco CWE-79, 4.3
2018-08-15 CVE-2018-0367 Cross-site Scripting vulnerability in Cisco Registered Envelope Service
A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service.
Risk: network, cisco CWE-79, 3.5
2018-08-14 CVE-2018-0131 Inadequate Encryption Strength vulnerability in Cisco IOS and IOS XE
A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session.
Risk: network, cisco CWE-326, 4.3
2018-08-09 CVE-2018-0429 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Thor Video Codec
Stack-based buffer overflow in the Cisco Thor decoder before commit 18de8f9f0762c3a542b1122589edb8af859d9813 allows local users to cause a denial of service (segmentation fault) and execute arbitrary code via a crafted non-conformant Thor bitstream.
Risk: local, low complexity, cisco CWE-119, 4.6
2018-08-06 CVE-2018-5390 Resource Exhaustion vulnerability in multiple products
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
Risk: 7.5
2018-08-01 CVE-2018-0413 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Identity Services Engine Software
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.
Risk: network, cisco CWE-352, 6.8
2018-08-01 CVE-2018-0411 Cross-site Scripting vulnerability in Cisco Unified Communications Manager
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
Risk: network, cisco CWE-79, 4.3
2018-08-01 CVE-2018-0408 Cross-site Scripting vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
Risk: network, cisco CWE-79, 3.5
2018-08-01 CVE-2018-0407 Cross-site Scripting vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
Risk: network, cisco CWE-79, 3.5