Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-06 | CVE-2019-1891 | Improper Input Validation vulnerability in Cisco products A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 5.0 |
| 2019-07-06 | CVE-2019-1887 | Out-of-bounds Write vulnerability in Cisco Unified Communications Manager A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 5.0 |
| 2019-07-04 | CVE-2019-1886 | Improper Certificate Validation vulnerability in Cisco Asyncos and web Security Appliance A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 5.0 |
| 2019-07-04 | CVE-2019-1884 | Improper Input Validation vulnerability in Cisco Asyncos and web Security Appliance A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 4.0 |
| 2019-06-27 | CVE-2019-1622 | Improper Access Control vulnerability in Cisco Data Center Network Manager 11.0(1) A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. | 5.0 |
| 2019-06-27 | CVE-2019-1621 | Permissions, Privileges, and Access Controls vulnerability in Cisco Data Center Network Manager 11.0(1) A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. | 5.0 |
| 2019-06-21 | CVE-2019-1904 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS XE 16.1.3/16.2.1/16.3.1 A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 6.8 |
| 2019-06-20 | CVE-2019-1906 | Improper Input Validation vulnerability in Cisco Prime Infrastructure 3.6 A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure (PI) could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege escalation. | 4.0 |
| 2019-06-20 | CVE-2019-1905 | Improper Input Validation vulnerability in Cisco Email Security Appliance 11.1.2/12.0.0 A vulnerability in the GZIP decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. | 5.0 |
| 2019-06-20 | CVE-2019-1903 | XXE vulnerability in Cisco Security Manager 4.14 A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. | 6.4 |