Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-05-15 | CVE-2019-1726 | Improper Input Validation vulnerability in Cisco Nx-Os A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API. | 4.6 |
2019-05-15 | CVE-2019-1717 | Path Traversal vulnerability in Cisco Video Surveillance Manager 7.21 A vulnerability in the web-based management interface of Cisco Video Surveillance Manager could allow an unauthenticated, remote attacker to access sensitive information. | 5.0 |
2019-05-13 | CVE-2019-1649 | Improper Locking vulnerability in Cisco products A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. | 6.7 |
2019-05-03 | CVE-2019-1859 | Incorrect Authorization vulnerability in Cisco products A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication. | 6.5 |
2019-05-03 | CVE-2019-1857 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. | 6.8 |
2019-05-03 | CVE-2019-1856 | Cross-site Scripting vulnerability in Cisco Prime Collaboration Assurance 12.1 A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance (PCA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
2019-05-03 | CVE-2019-1854 | Path Traversal vulnerability in Cisco Telepresence Video Communication Server X8.11.4 A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. | 4.0 |
2019-05-03 | CVE-2019-1852 | Cross-site Scripting vulnerability in Cisco Network Registrar 9.1(2) A vulnerability in the web-based management interface of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. | 4.3 |
2019-05-03 | CVE-2019-1844 | Improper Input Validation vulnerability in Cisco Email Security Appliance 11.1.0131 A vulnerability in certain attachment detection mechanisms of the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected device. | 5.0 |
2019-05-03 | CVE-2019-1836 | Path Traversal vulnerability in Cisco Nx-Os 14.0(3D) A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to use symbolic links to overwrite system files. | 6.6 |