Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-17 | CVE-2018-0416 | Improper Input Validation vulnerability in Cisco Wireless LAN Controller Software 8.5(130.0)/8.9(1.52) A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. | 5.3 |
| 2018-10-17 | CVE-2018-0395 | Improper Input Validation vulnerability in Cisco Firepower Extensible Operating System and Nx-Os A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. | 5.3 |
| 2018-10-17 | CVE-2018-0388 | Cross-site Scripting vulnerability in Cisco Wireless LAN Controller Software 8.3(133.0)/8.3(135.0)/8.5(120.0) A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web-based interface of an affected system. | 4.8 |
| 2018-10-05 | CVE-2018-15436 | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Webex Events Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. | 6.1 |
| 2018-10-05 | CVE-2018-15434 | Cross-site Scripting vulnerability in Cisco Skinny Client Control Protocol Software 9.4(2) A vulnerability in the web-based management interface of Cisco Unified IP Phone 7900 Series could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2018-10-05 | CVE-2018-15433 | Information Exposure vulnerability in Cisco Prime Infrastructure 3.2 A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. | 4.3 |
| 2018-10-05 | CVE-2018-15432 | Information Exposure vulnerability in Cisco Prime Infrastructure 3.2 A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. | 4.3 |
| 2018-10-05 | CVE-2018-15429 | Missing Authorization vulnerability in Cisco Hyperflex HX Data Platform 2.6(1D)/3.0(1A) A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. | 5.3 |
| 2018-10-05 | CVE-2018-15428 | Improper Input Validation vulnerability in Cisco IOS XR A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 6.8 |
| 2018-10-05 | CVE-2018-15426 | Cross-site Scripting vulnerability in Cisco Unity Connection Vmo11.5(1) A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. | 4.8 |