Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-18 | CVE-2018-0090 | Resource Exhaustion vulnerability in Cisco Nx-Os 7.3(2)N1(0.6)/8.3(0)Kms(0.31)/8.8(3.5)S0 A vulnerability in management interface access control list (ACL) configuration of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to bypass configured ACLs on the management interface. | 7.5 |
| 2018-01-18 | CVE-2018-0089 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Policy Suite 10.0.0/11.0.0/11.1.0 A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. | 7.5 |
| 2018-01-18 | CVE-2018-0088 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Industrial Ethernet 4010 Series Firmware A vulnerability in one of the diagnostic test CLI commands on Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software could allow an authenticated, local attacker to impact the stability of the device. | 6.7 |
| 2018-01-18 | CVE-2018-0086 | Resource Exhaustion vulnerability in Cisco Unified Customer Voice Portal A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. | 8.6 |
| 2018-01-18 | CVE-2017-12308 | Unspecified vulnerability in Cisco products A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system. | 6.1 |
| 2018-01-18 | CVE-2017-12307 | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 6.1 |
| 2018-01-11 | CVE-2018-0118 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2018-01-04 | CVE-2018-0114 | Improper Verification of Cryptographic Signature vulnerability in Cisco Node-Jose A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. | 7.5 |
| 2018-01-04 | CVE-2018-0104 | Improper Input Validation vulnerability in Cisco products A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. | 9.6 |
| 2018-01-04 | CVE-2018-0103 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. | 7.8 |