Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-08 | CVE-2018-0128 | Cross-site Scripting vulnerability in Cisco Data Center Analytics Framework A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2018-02-08 | CVE-2018-0123 | Path Traversal vulnerability in Cisco IOS and IOS XE A Path Traversal vulnerability in the diagnostic shell for Cisco IOS and IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files. | 5.5 |
| 2018-02-08 | CVE-2018-0122 | OS Command Injection vulnerability in Cisco Staros 21.3.0.67664 A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. | 4.4 |
| 2018-02-08 | CVE-2018-0120 | SQL Injection vulnerability in Cisco Unified Communications Manager 11.5(1.13900.52) A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. | 4.3 |
| 2018-02-08 | CVE-2018-0119 | Unspecified vulnerability in Cisco Conference Director 20170830 A vulnerability in certain authentication controls in the account services of Cisco Spark could allow an authenticated, remote attacker to interact with and view information on an affected device that would normally be prohibited. | 4.7 |
| 2018-01-18 | CVE-2018-0115 | OS Command Injection vulnerability in Cisco Staros A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. | 6.7 |
| 2018-01-18 | CVE-2018-0111 | Information Exposure vulnerability in Cisco Webex Meetings Server A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. | 5.3 |
| 2018-01-18 | CVE-2018-0108 | XXE vulnerability in Cisco Webex Meetings Server A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity (XXE) injection. | 5.3 |
| 2018-01-18 | CVE-2018-0105 | Forced Browsing vulnerability in Cisco Unified Communications Manager A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. | 5.3 |
| 2018-01-18 | CVE-2018-0100 | XXE vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system. | 4.4 |