Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-30 | CVE-2017-12366 | Cross-site Scripting vulnerability in Cisco Webex Meeting Center T32.6 A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. | 4.3 |
| 2017-11-30 | CVE-2017-12365 | Information Exposure vulnerability in Cisco Webex Meeting Center T32.6 A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. | 4.0 |
| 2017-11-30 | CVE-2017-12364 | SQL Injection vulnerability in Cisco Prime Service Catalog 11.1.1/12.0/12.1 A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. | 6.4 |
| 2017-11-30 | CVE-2017-12363 | Exposure of Resource to Wrong Sphere vulnerability in Cisco Webex Meetings Server 2.6.0.8/2.7 A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affected system. | 5.0 |
| 2017-11-30 | CVE-2017-12360 | Unspecified vulnerability in Cisco Webex Meeting Center A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could allow an attacker to cause a denial of service (DoS) condition. network cisco | 4.3 |
| 2017-11-30 | CVE-2017-12359 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Webex Meeting Center and Webex Meetings Server A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. | 4.3 |
| 2017-11-30 | CVE-2017-12356 | Cross-site Scripting vulnerability in Cisco Jabber 10.5(2)/11.9(1) A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
| 2017-11-30 | CVE-2017-12355 | Improper Input Validation vulnerability in Cisco IOS XR 6.4.1Base A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service (DoS) condition. | 5.0 |
| 2017-11-30 | CVE-2017-12354 | Information Exposure vulnerability in Cisco Secure Access Control System 5.8(0.32) A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. | 5.0 |
| 2017-11-30 | CVE-2017-12353 | Unspecified vulnerability in Cisco Asyncos A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. | 5.0 |