Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-16 | CVE-2017-12321 | Cross-site Scripting vulnerability in Cisco Registered Envelope Service Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 6.1 |
| 2017-11-16 | CVE-2017-12320 | Cross-site Scripting vulnerability in Cisco Registered Envelope Service Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. | 6.1 |
| 2017-11-16 | CVE-2017-12315 | Information Exposure vulnerability in Cisco Hyperflex HX Data Platform 2.6(1A) A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be restricted in the system log files. | 6.0 |
| 2017-11-16 | CVE-2017-12313 | Untrusted Search Path vulnerability in Cisco Packet Tracer An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has been placed by an attacker. | 6.7 |
| 2017-11-16 | CVE-2017-12312 | Untrusted Search Path vulnerability in Cisco Advanced Malware Protection for Endpoints 3.1.0 An untrusted search path (aka DLL Preloading) vulnerability in the Cisco Immunet antimalware installer could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has been placed by an attacker. | 6.7 |
| 2017-11-16 | CVE-2017-12311 | Improper Input Validation vulnerability in Cisco Meeting Server A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame. | 5.8 |
| 2017-11-16 | CVE-2017-12309 | HTTP Response Splitting vulnerability in Cisco Email Security Appliance Firmware 10.0.2020/11.0.0105 A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. | 5.3 |
| 2017-11-16 | CVE-2017-12306 | Download of Code Without Integrity Check vulnerability in Cisco Conference Director 20170815 A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. | 4.4 |
| 2017-11-16 | CVE-2017-12305 | OS Command Injection vulnerability in Cisco IP Phone 8800 Series Firmware A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. | 6.7 |
| 2017-11-16 | CVE-2017-12304 | Cross-site Scripting vulnerability in Cisco IOS 15.7(2.0Z)M A vulnerability in the IOS daemon (IOSd) web-based management interface of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface on an affected device. | 6.1 |