Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-21 | CVE-2019-1904 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS XE 16.1.3/16.2.1/16.3.1 A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 6.8 |
| 2019-06-20 | CVE-2019-1906 | Improper Input Validation vulnerability in Cisco Prime Infrastructure 3.6 A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure (PI) could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege escalation. | 4.0 |
| 2019-06-20 | CVE-2019-1905 | Improper Input Validation vulnerability in Cisco Email Security Appliance 11.1.2/12.0.0 A vulnerability in the GZIP decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. | 5.0 |
| 2019-06-20 | CVE-2019-1903 | XXE vulnerability in Cisco Security Manager 4.14 A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. | 6.4 |
| 2019-06-20 | CVE-2019-1899 | Forced Browsing vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware A vulnerability in the web interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to acquire the list of devices that are connected to the guest network. | 5.0 |
| 2019-06-20 | CVE-2019-1898 | Forced Browsing vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. | 5.0 |
| 2019-06-20 | CVE-2019-1897 | Missing Authentication for Critical Function vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to disconnect clients that are connected to the guest network on an affected router. | 5.0 |
| 2019-06-20 | CVE-2019-1876 | Missing Authentication for Critical Function vulnerability in Cisco Wide Area Application Services 5.5(7)/6.1(1)/6.4(3B) A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. | 5.0 |
| 2019-06-20 | CVE-2019-1874 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Service Catalog A vulnerability in the web-based management interface of Cisco Prime Service Catalog Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 6.8 |
| 2019-06-20 | CVE-2019-1869 | Access of Uninitialized Pointer vulnerability in Cisco Staros A vulnerability in the internal packet-processing functionality of the Cisco StarOS operating system running on virtual platforms could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. | 5.0 |