Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-26 | CVE-2019-15990 | Unspecified vulnerability in Cisco products A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to view information displayed in the web-based management interface. | 5.3 |
| 2019-11-26 | CVE-2019-15988 | Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. | 5.3 |
| 2019-11-26 | CVE-2019-15987 | Improper Authentication vulnerability in Cisco products A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. | 5.3 |
| 2019-11-26 | CVE-2019-15986 | Improper Input Validation vulnerability in Cisco Unity Express 9.0.6 A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 6.7 |
| 2019-11-26 | CVE-2019-15971 | Insufficient Verification of Data Authenticity vulnerability in Cisco Email Security Appliance Firmware A vulnerability in the MP3 detection engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. | 4.3 |
| 2019-11-26 | CVE-2019-15968 | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager (Unified CDM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. | 5.4 |
| 2019-11-26 | CVE-2019-15973 | Cross-site Scripting vulnerability in Cisco Industrial Network Director and Network Level Service A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected application. | 6.1 |
| 2019-11-26 | CVE-2019-15967 | Unspecified vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users. | 4.4 |
| 2019-11-26 | CVE-2019-15960 | Unspecified vulnerability in Cisco Webex Meetings A vulnerability in the Webex Network Recording Admin page of Cisco Webex Meetings could allow an authenticated, remote attacker to elevate privileges in the context of the affected page. | 5.4 |
| 2019-11-26 | CVE-2019-15276 | Improper Input Validation vulnerability in Cisco Wireless LAN Controller Software A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 6.5 |