Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-08 | CVE-2018-15449 | Improper Input Validation vulnerability in Cisco Video Surveillance Media Server A vulnerability in the web-based management interface of Cisco Video Surveillance Media Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the web-based management interface of an affected system. | 4.3 |
| 2018-11-08 | CVE-2018-15448 | Unspecified vulnerability in Cisco Registered Envelope Service A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. | 5.0 |
| 2018-11-08 | CVE-2018-15446 | Information Exposure vulnerability in Cisco Meeting Server A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. | 5.0 |
| 2018-11-08 | CVE-2018-15445 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Energy Management Suite Software A vulnerability in the web-based management interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 6.0 |
| 2018-11-08 | CVE-2018-15444 | XXE vulnerability in Cisco Energy Management Suite Software A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. | 4.9 |
| 2018-11-08 | CVE-2018-15443 | Resource Exhaustion vulnerability in Cisco Firepower System Software A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured Intrusion Prevention System (IPS) rule that inspects certain types of TCP traffic. | 5.0 |
| 2018-11-08 | CVE-2018-15393 | Cross-site Scripting vulnerability in Cisco Content Security Management Appliance A vulnerability in the web-based management interface of Cisco Content Security Management Appliance (SMA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. | 4.3 |
| 2018-11-08 | CVE-2018-0284 | Unspecified vulnerability in Cisco products A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. | 4.0 |
| 2018-10-17 | CVE-2018-15438 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 12.1 A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. | 4.3 |
| 2018-10-17 | CVE-2018-0443 | Improper Input Validation vulnerability in Cisco Wireless LAN Controller Software 8.2(151.0) A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 5.0 |