Latest CVE Feed
-
7.2
HIGHCVE-2018-0428
A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is... Read more
- Published: Aug. 15, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2018-0427
A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to incorrect input validation of user-supplied da... Read more
Affected Products : application_policy_infrastructure_controller_enterprise_module- Published: Aug. 15, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-0426
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to s... Read more
- Published: Oct. 05, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-0425
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to s... Read more
- Published: Oct. 05, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2018-0424
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary ... Read more
- Published: Oct. 05, 2018
- Modified: Nov. 21, 2024
-
9.3
HIGHCVE-2018-0423
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a denial o... Read more
- Published: Oct. 05, 2018
- Modified: Nov. 21, 2024
-
7.3
HIGHCVE-2018-0422
A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. The vulnerability ... Read more
- Published: Oct. 05, 2018
- Modified: Nov. 21, 2024
-
8.6
HIGHCVE-2018-0421
A vulnerability in TCP connection management in Cisco Prime Access Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the application unexpectedly restarts. The vulnerability is due to incorrect han... Read more
- Published: Oct. 05, 2018
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2018-0420
A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view sensitive information. The issue is due to improper sanitization of user-supplied input in HTTP request parameters t... Read more
- Published: Oct. 17, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2018-0419
A vulnerability in certain attachment detection mechanisms of Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected system. The vulnerability is due to the improper detec... Read more
Affected Products : email_security_appliance- Published: Aug. 15, 2018
- Modified: Nov. 21, 2024
-
8.6
HIGHCVE-2018-0418
A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The... Read more
- Published: Aug. 15, 2018
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2018-0417
A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability... Read more
Affected Products : wireless_lan_controller_software wireless_lan_controller_software wireless_lan_controller- Published: Oct. 17, 2018
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2018-0416
A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incompl... Read more
- Published: Oct. 17, 2018
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2018-0415
A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticated, a... Read more
Affected Products : wap121_firmware wap125_firmware wap131_firmware wap150_firmware wap321_firmware wap351_firmware wap361_firmware wap371_firmware wap131 wap150 +6 more products- Published: Aug. 15, 2018
- Modified: Nov. 21, 2024
-
5.7
MEDIUMCVE-2018-0414
A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entitie... Read more
- Published: Oct. 05, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2018-0413
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vu... Read more
Affected Products : identity_services_engine_software- Published: Aug. 01, 2018
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2018-0412
A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated,... Read more
Affected Products : wap121_firmware wap125_firmware wap131_firmware wap150_firmware wap321_firmware wap351_firmware wap361_firmware wap371_firmware wap131 wap150 +6 more products- Published: Aug. 15, 2018
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2018-0411
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of ... Read more
Affected Products : unified_communications_manager- Published: Aug. 01, 2018
- Modified: Nov. 21, 2024
-
8.6
HIGHCVE-2018-0410
A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. The vu... Read more
Affected Products : web_security_appliance- Published: Aug. 15, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2018-0409
A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a t... Read more
- Published: Aug. 15, 2018
- Modified: Nov. 21, 2024