Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-26 | CVE-2016-10025 | NULL Pointer Dereference vulnerability in multiple products VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check. | 5.5 |
| 2017-01-26 | CVE-2016-10024 | Improper Input Validation vulnerability in multiple products Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations. | 6.0 |
| 2017-01-26 | CVE-2017-3805 | Information Exposure vulnerability in Cisco IOX 1.0(0) A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential information that is displayed without authenticating to the device. | 5.3 |
| 2017-01-26 | CVE-2017-3804 | Unspecified vulnerability in Cisco Nx-Os A vulnerability in Intermediate System-to-Intermediate System (IS-IS) protocol packet processing of Cisco Nexus 5000, 6000, and 7000 Series Switches software could allow an unauthenticated, adjacent attacker to cause a reload of the affected device. high complexity cisco | 6.1 |
| 2017-01-26 | CVE-2017-3803 | Missing Release of Resource after Effective Lifetime vulnerability in Cisco IOS 15.2(2)E3/15.2(4)E1 A vulnerability in the Cisco IOS Software forwarding queue of Cisco 2960X and 3750X switches could allow an unauthenticated, adjacent attacker to cause a memory leak in the software forwarding queue that would eventually lead to a partial denial of service (DoS) condition. | 4.7 |
| 2017-01-26 | CVE-2017-3802 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 12.0(0.99000.9) A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 6.1 |
| 2017-01-26 | CVE-2017-3800 | Improper Input Validation vulnerability in Cisco Email Security Appliance 9.7.1066/9.7.1Hp2207/9.8.5085 A vulnerability in the content scanning engine of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured message or content filters on the device. | 5.8 |
| 2017-01-26 | CVE-2017-3799 | Open Redirect vulnerability in Cisco Webex Meeting Center Wbs28Base A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. | 5.4 |
| 2017-01-26 | CVE-2017-3798 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.12000.1) A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device. | 6.1 |
| 2017-01-26 | CVE-2017-3797 | Information Exposure vulnerability in Cisco Webex Meetings Server 2.7.1/2.7Base A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server. | 5.3 |