Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-05 | CVE-2018-0462 | Improper Input Validation vulnerability in Cisco Enterprise Network Virtualization Software Nfvis6.0/Nfvis8.0 A vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a denial of service (DoS) attack against an affected system. | 4.9 |
| 2018-10-05 | CVE-2018-0460 | Incorrect Authorization vulnerability in Cisco Network Functions Virtualization Infrastructure A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. | 6.5 |
| 2018-10-05 | CVE-2018-0459 | Incorrect Authorization vulnerability in Cisco Network Functions Virtualization Infrastructure A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to cause an affected system to reboot or shut down. | 6.5 |
| 2018-10-05 | CVE-2018-0458 | Cross-site Scripting vulnerability in Cisco Prime Collaboration Assurance 11.6.0 A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2018-10-05 | CVE-2018-0457 | Unspecified vulnerability in Cisco Webex Meetings Online T31/T32 A vulnerability in the Cisco Webex Player for Webex Recording Format (WRF) files could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 5.5 |
| 2018-10-05 | CVE-2018-0452 | Cross-site Scripting vulnerability in Cisco Tetration Analytics 2.1 A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2018-10-05 | CVE-2018-0450 | Cross-site Scripting vulnerability in Cisco Data Center Network Manager 10.4(2) A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the management interface on an affected device. | 6.1 |
| 2018-10-05 | CVE-2018-0447 | Improper Input Validation vulnerability in Cisco Email Security Appliance A vulnerability in the anti-spam protection mechanisms of Cisco AsyncOS Software for the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass certain content filters on an affected device. | 5.3 |
| 2018-10-05 | CVE-2018-0444 | Cross-site Scripting vulnerability in Cisco Packaged Contact Center Enterprise 11.6(1) A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a stored XSS attack against a user of the interface. | 6.1 |
| 2018-10-05 | CVE-2018-0414 | XXE vulnerability in Cisco Secure Access Control Server Solution Engine A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. | 5.7 |