Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-07 | CVE-2019-1912 | Incorrect Authorization vulnerability in Cisco products A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files. | 6.4 |
| 2019-07-17 | CVE-2019-1943 | Open Redirect vulnerability in Cisco products A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. | 5.8 |
| 2019-07-17 | CVE-2019-1942 | SQL Injection vulnerability in Cisco Identity Services Engine A vulnerability in the sponsor portal web interface for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. | 4.0 |
| 2019-07-17 | CVE-2019-1941 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
| 2019-07-17 | CVE-2019-1940 | Improper Certificate Validation vulnerability in Cisco Industrial Network Director A vulnerability in the Web Services Management Agent (WSMA) feature of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid X.509 certificate. | 4.3 |
| 2019-07-17 | CVE-2019-1923 | Improper Input Validation vulnerability in Cisco products A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. | 4.6 |
| 2019-07-17 | CVE-2019-1920 | Unspecified vulnerability in Cisco products A vulnerability in the 802.11r Fast Transition (FT) implementation for Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected interface. low complexity cisco | 6.1 |
| 2019-07-06 | CVE-2019-1933 | Improper Input Validation vulnerability in Cisco Email Security Appliance 11.1.2023 A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. | 4.3 |
| 2019-07-06 | CVE-2019-1931 | Cross-site Scripting vulnerability in Cisco Firepower Management Center Multiple vulnerabilities in the RSS dashboard in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
| 2019-07-06 | CVE-2019-1930 | Cross-site Scripting vulnerability in Cisco Firepower Management Center Multiple vulnerabilities in the RSS dashboard in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |