Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-26 | CVE-2019-15989 | Improper Check for Unusual or Exceptional Conditions vulnerability in Cisco IOS XR A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 5.0 |
| 2020-01-26 | CVE-2019-15278 | Cross-site Scripting vulnerability in Cisco Finesse and Unified Contact Center Express A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device. | 4.3 |
| 2020-01-26 | CVE-2019-15255 | Missing Authorization vulnerability in Cisco Identity Services Engine 2.2/2.2(0.470) A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access sensitive information related to the device. | 4.0 |
| 2020-01-26 | CVE-2019-12619 | SQL Injection vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. | 4.0 |
| 2020-01-16 | CVE-2010-3048 | NULL Pointer Dereference vulnerability in Cisco Unified Personal Communicator 7.0(1.13056) Cisco Unified Personal Communicator 7.0 (1.13056) does not free allocated memory for received data and does not perform validation if memory allocation is successful, causing a remote denial of service condition. | 5.0 |
| 2020-01-15 | CVE-2019-15961 | Resource Exhaustion vulnerability in multiple products A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. | 6.5 |
| 2020-01-15 | CVE-2012-1326 | Improper Input Validation vulnerability in Cisco Ironport web Security Appliance 7.5 Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks | 5.8 |
| 2020-01-15 | CVE-2012-1316 | Improper Certificate Validation vulnerability in Cisco Ironport web Security Appliance Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks | 4.3 |
| 2020-01-06 | CVE-2019-15999 | Unspecified vulnerability in Cisco Data Center Network Manager A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device. | 4.0 |
| 2020-01-06 | CVE-2019-15983 | XXE vulnerability in Cisco Data Center Network Manager A vulnerability in the SOAP API of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. | 4.0 |