Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-26 | CVE-2019-16020 | Resource Exhaustion vulnerability in Cisco IOS XR Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 5.0 |
| 2020-01-26 | CVE-2019-16018 | Resource Exhaustion vulnerability in Cisco IOS XR A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 4.3 |
| 2020-01-26 | CVE-2019-16015 | Cross-site Scripting vulnerability in Cisco Data Center Analytics Framework A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. | 4.3 |
| 2020-01-26 | CVE-2019-16003 | Missing Authentication for Critical Function vulnerability in Cisco UCS Director A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to download system log files from an affected device. | 5.0 |
| 2020-01-26 | CVE-2019-15989 | Improper Check for Unusual or Exceptional Conditions vulnerability in Cisco IOS XR A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 5.0 |
| 2020-01-26 | CVE-2019-15278 | Cross-site Scripting vulnerability in Cisco Finesse and Unified Contact Center Express A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device. | 4.3 |
| 2020-01-26 | CVE-2019-15255 | Missing Authorization vulnerability in Cisco Identity Services Engine 2.2/2.2(0.470) A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access sensitive information related to the device. | 4.0 |
| 2020-01-26 | CVE-2019-12619 | SQL Injection vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. | 4.0 |
| 2020-01-16 | CVE-2010-3048 | NULL Pointer Dereference vulnerability in Cisco Unified Personal Communicator 7.0(1.13056) Cisco Unified Personal Communicator 7.0 (1.13056) does not free allocated memory for received data and does not perform validation if memory allocation is successful, causing a remote denial of service condition. | 5.0 |
| 2020-01-15 | CVE-2019-15961 | Resource Exhaustion vulnerability in multiple products A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. | 6.5 |