Vulnerabilities > Cisco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-10 | CVE-2018-15453 | Out-of-bounds Write vulnerability in Cisco Email Security Appliance Firmware 11.0.1401/11.1.0131 A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an affected device to corrupt system memory. | 8.6 |
| 2019-01-10 | CVE-2018-0474 | Insufficiently Protected Credentials vulnerability in Cisco Unified Communications Manager 10.5(2.14076.1) A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. | 8.8 |
| 2019-01-10 | CVE-2018-0461 | Code Injection vulnerability in Cisco IP Phone 8800 Series Firmware 12.5(1) A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. | 8.8 |
| 2018-12-24 | CVE-2018-15465 | Incorrect Authorization vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. | 8.1 |
| 2018-12-04 | CVE-2018-0468 | Use of Hard-coded Credentials vulnerability in Cisco Energy Management Suite 5.2 A vulnerability in the configuration of a local database installed as part of the Cisco Energy Management Suite (CEMS) could allow an authenticated, local attacker to access and alter confidential data. | 7.8 |
| 2018-11-08 | CVE-2018-15448 | Unspecified vulnerability in Cisco Registered Envelope Service A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. | 7.5 |
| 2018-11-08 | CVE-2018-15446 | Information Exposure vulnerability in Cisco Meeting Server A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. | 7.5 |
| 2018-11-08 | CVE-2018-15445 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Energy Management Suite Software A vulnerability in the web-based management interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 8.0 |
| 2018-11-08 | CVE-2018-15444 | XXE vulnerability in Cisco Energy Management Suite Software A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. | 7.3 |
| 2018-11-08 | CVE-2018-15443 | Resource Exhaustion vulnerability in Cisco Firepower System Software A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured Intrusion Prevention System (IPS) rule that inspects certain types of TCP traffic. | 7.5 |