Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-30 | CVE-2017-12358 | Cross-site Scripting vulnerability in Cisco Jabber 11.9(0) A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. | 5.4 |
| 2017-11-30 | CVE-2017-12357 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 5.4 |
| 2017-11-30 | CVE-2017-12356 | Cross-site Scripting vulnerability in Cisco Jabber 10.5(2)/11.9(1) A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2017-11-30 | CVE-2017-12355 | Improper Input Validation vulnerability in Cisco IOS XR 6.4.1Base A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service (DoS) condition. | 5.3 |
| 2017-11-30 | CVE-2017-12354 | Information Exposure vulnerability in Cisco Secure Access Control System 5.8(0.32) A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. | 5.3 |
| 2017-11-30 | CVE-2017-12353 | Unspecified vulnerability in Cisco Asyncos A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. | 5.8 |
| 2017-11-30 | CVE-2017-12352 | Command Injection vulnerability in Cisco Application Policy Infrastructure Controller 2.3(1F) A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated privileges and execute arbitrary commands with root privileges on an affected host operating system. | 6.7 |
| 2017-11-30 | CVE-2017-12351 | Exposure of Resource to Wrong Sphere vulnerability in Cisco Nx-Os 7.0(3)I7(1)/8.1(0)Bd(0.20) A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. | 5.7 |
| 2017-11-30 | CVE-2017-12349 | Cross-site Scripting vulnerability in Cisco Unified Computing System Central Software 2.2(1A)A Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. | 5.4 |
| 2017-11-30 | CVE-2017-12348 | Cross-site Scripting vulnerability in Cisco Unified Computing System Central Software 2.2(1A)A Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. | 5.4 |