Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2018-0371

    A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could... Read more

    Affected Products : meeting_server
    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2018-0369

    A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition. T... Read more

    Affected Products : staros asr_5000 asr_5500 asr_5700
    • Published: Jul. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-0368

    A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient security restrictions imposed by the affected s... Read more

    • Published: Jul. 16, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-0367

    A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affecte... Read more

    Affected Products : registered_envelope_service
    • Published: Aug. 15, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-0366

    A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an... Read more

    Affected Products : web_security_appliance
    • Published: Jul. 16, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-0364

    A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.... Read more

    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-0363

    A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary... Read more

    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024

  • 4.6

    MEDIUM
    CVE-2018-0362

    A vulnerability in BIOS authentication management of Cisco 5000 Series Enterprise Network Compute System and Cisco Unified Computing (UCS) E-Series Servers could allow an unauthenticated, local attacker to bypass the BIOS authentication and execute action... Read more

    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-0361

    ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.... Read more

    Affected Products : debian_linux clamav
    • Published: Jul. 16, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-0360

    ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.... Read more

    Affected Products : ubuntu_linux debian_linux clamav
    • Published: Jul. 16, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-0359

    A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier, aka Session Fixation. The vulne... Read more

    Affected Products : meeting_server
    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-0358

    A vulnerability in the file descriptor handling of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to exhaustion of file ... Read more

    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-0357

    A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input ... Read more

    Affected Products : webex_meetings
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-0356

    A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input ... Read more

    Affected Products : webex_meetings
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-0355

    A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability is d... Read more

    Affected Products : unified_communications_manager
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-0354

    A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insuffic... Read more

    Affected Products : unity_connection
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-0353

    A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections. The vulnerability is due to a... Read more

    Affected Products : web_security_appliance
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2018-0352

    A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super... Read more

    Affected Products : wide_area_application_services
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-0351

    A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. A... Read more

    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-0350

    A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. A... Read more

    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293510 Results