Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-18 | CVE-2019-1794 | Uncontrolled Search Path Element vulnerability in Cisco Meeting Server 2.2 A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. | 5.1 |
| 2019-04-18 | CVE-2019-1792 | Cross-site Scripting vulnerability in Cisco Umbrella A vulnerability in the URL block page of Cisco Umbrella could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user in a network protected by Umbrella. | 6.1 |
| 2019-04-18 | CVE-2019-1777 | Cross-site Scripting vulnerability in Cisco Registered Envelope Service 5.3.4027 A vulnerability in the web-based interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the service. | 5.4 |
| 2019-04-18 | CVE-2019-1722 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. | 4.3 |
| 2019-04-18 | CVE-2019-1721 | Resource Management Errors vulnerability in Cisco Telepresence Video Communication Server A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. | 6.8 |
| 2019-04-18 | CVE-2019-1720 | Improper Input Validation vulnerability in Cisco Telepresence Video Communication Server A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. | 6.8 |
| 2019-04-17 | CVE-2019-1712 | Improper Input Validation vulnerability in Cisco IOS XR A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the PIM process to restart, resulting in a denial of service condition on an affected device. | 5.0 |
| 2019-04-17 | CVE-2019-1711 | Improper Input Validation vulnerability in Cisco IOS XR A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 5.0 |
| 2019-04-17 | CVE-2019-1686 | Unspecified vulnerability in Cisco IOS XR A vulnerability in the TCP flags inspection feature for access control lists (ACLs) on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. | 5.0 |
| 2019-04-17 | CVE-2018-0382 | Improper Authentication vulnerability in Cisco Wireless LAN Controller Software 8.1(111.0)/8.5(120.0) A vulnerability in the session identification management functionality of the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. | 5.0 |