Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-18 | CVE-2018-0089 | Cleartext Storage of Sensitive Information vulnerability in Cisco Policy Suite 10.0.0/11.0.0/11.1.0 A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. | 5.0 |
| 2018-01-18 | CVE-2018-0086 | Resource Exhaustion vulnerability in Cisco Unified Customer Voice Portal A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. | 5.0 |
| 2018-01-18 | CVE-2017-12308 | Unspecified vulnerability in Cisco products A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system. network cisco | 5.8 |
| 2018-01-18 | CVE-2017-12307 | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 4.3 |
| 2018-01-11 | CVE-2018-0118 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
| 2018-01-04 | CVE-2018-0114 | Improper Verification of Cryptographic Signature vulnerability in Cisco Node-Jose A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. | 5.0 |
| 2017-12-15 | CVE-2017-12373 | Information Exposure Through Discrepancy vulnerability in Cisco products A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. | 4.3 |
| 2017-12-01 | CVE-2017-6679 | Unspecified vulnerability in Cisco Umbrella 2.0.3 The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. | 6.4 |
| 2017-11-30 | CVE-2017-12372 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Webex Meetings and Webex Meetings Server A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. | 6.8 |
| 2017-11-30 | CVE-2017-12371 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Webex Meetings T30/T31 A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. | 6.8 |