Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-15 | CVE-2022-20714 | Out-of-bounds Read vulnerability in Cisco IOS XR A vulnerability in the data plane microcode of Lightspeed-Plus line cards for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the line card to reset. | 8.6 |
| 2022-04-15 | CVE-2022-20716 | Unspecified vulnerability in Cisco products A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. | 7.8 |
| 2022-04-15 | CVE-2022-20717 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Sd-Wan Vedge Router 20.7 A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service (DoS) condition. | 5.5 |
| 2022-04-15 | CVE-2022-20718 | OS Command Injection vulnerability in Cisco IOS XE Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 7.2 |
| 2022-04-15 | CVE-2022-20719 | Path Traversal vulnerability in Cisco IOS XE Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 7.2 |
| 2022-04-15 | CVE-2022-20720 | Link Following vulnerability in Cisco IOS XE Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 7.2 |
| 2022-04-15 | CVE-2022-20721 | Path Traversal vulnerability in Cisco IOS XE Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 4.9 |
| 2022-04-15 | CVE-2022-20722 | Path Traversal vulnerability in Cisco IOS XE Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 4.9 |
| 2022-04-15 | CVE-2022-20723 | Path Traversal vulnerability in Cisco IOS XE Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 7.2 |
| 2022-04-15 | CVE-2022-20724 | Race Condition vulnerability in Cisco products Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 5.3 |