Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-18 | CVE-2018-0379 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. | 6.8 |
| 2018-07-18 | CVE-2018-0344 | Command Injection vulnerability in Cisco products A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. | 6.5 |
| 2018-07-18 | CVE-2018-0343 | Improper Privilege Management vulnerability in Cisco products A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system. | 6.5 |
| 2018-07-16 | CVE-2018-0385 | Improper Input Validation vulnerability in Cisco Firepower Management Center A vulnerability in the detection engine parsing of Security Socket Layer (SSL) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. | 5.0 |
| 2018-07-16 | CVE-2018-0384 | Protection Mechanism Failure vulnerability in Cisco Firepower Management Center A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a URL-based access control policy that is configured to block traffic for an affected system. | 5.0 |
| 2018-07-16 | CVE-2018-0383 | Protection Mechanism Failure vulnerability in Cisco Firepower Management Center 6.2.2.1/6.2.3/6.3.0 A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the transfer of files to an affected system via FTP. | 5.0 |
| 2018-07-16 | CVE-2018-0370 | Unspecified vulnerability in Cisco Firepower Management Center 6.1.0.7/6.2.0.5/6.2.2.2 A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause one of the detection engine processes to run out of memory and thus slow down traffic processing. | 5.0 |
| 2018-07-16 | CVE-2018-0369 | Improper Input Validation vulnerability in Cisco Staros A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition. | 5.0 |
| 2018-07-16 | CVE-2018-0366 | Cross-site Scripting vulnerability in Cisco web Security Appliance 10.1.2003/10.5.1276 A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
| 2018-06-21 | CVE-2018-0373 | Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. | 4.9 |