Latest CVE Feed
-
4.3
MEDIUMCVE-2018-0361
ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.... Read more
- Published: Jul. 16, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2018-0360
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.... Read more
- Published: Jul. 16, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2018-0359
A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier, aka Session Fixation. The vulne... Read more
Affected Products : meeting_server- Published: Jun. 21, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2018-0358
A vulnerability in the file descriptor handling of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to exhaustion of file ... Read more
Affected Products : telepresence_video_communication_server- Published: Jun. 21, 2018
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2018-0357
A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input ... Read more
Affected Products : webex_meetings- Published: Jun. 07, 2018
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2018-0356
A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input ... Read more
Affected Products : webex_meetings- Published: Jun. 07, 2018
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2018-0355
A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability is d... Read more
Affected Products : unified_communications_manager- Published: Jun. 07, 2018
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2018-0354
A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insuffic... Read more
Affected Products : unity_connection- Published: Jun. 07, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2018-0353
A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections. The vulnerability is due to a... Read more
Affected Products : web_security_appliance- Published: Jun. 07, 2018
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2018-0352
A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super... Read more
Affected Products : wide_area_application_services- Published: Jun. 07, 2018
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2018-0351
A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. A... Read more
Affected Products : vbond_orchestrator vedge-plus vedge-pro vmanage_network_management vsmart_controller vedge-100_firmware vedge_100b_firmware vedge_100m_firmware vedge_100wm_firmware vedge-1000_firmware +9 more products- Published: Jul. 18, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2018-0350
A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. A... Read more
Affected Products : vbond_orchestrator vedge-plus vedge-pro vmanage_network_management vsmart_controller vedge-100_firmware vedge_100b_firmware vedge_100m_firmware vedge_100wm_firmware vedge-1000_firmware +9 more products- Published: Jul. 18, 2018
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2018-0349
A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the request admin-te... Read more
Affected Products : vbond_orchestrator vedge-plus vedge-pro vmanage_network_management vsmart_controller vedge-100_firmware vedge_100b_firmware vedge_100m_firmware vedge_100wm_firmware vedge-1000_firmware +9 more products- Published: Jul. 18, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2018-0348
A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit... Read more
Affected Products : vbond_orchestrator vedge-plus vedge-pro vmanage_network_management vsmart_controller vedge-100_firmware vedge_100b_firmware vedge_100m_firmware vedge_100wm_firmware vedge-1000_firmware +9 more products- Published: Jul. 18, 2018
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2018-0347
A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input va... Read more
Affected Products : vbond_orchestrator vedge-plus vedge-pro vmanage_network_management vsmart_controller vedge-100_firmware vedge_100b_firmware vedge_100m_firmware vedge_100wm_firmware vedge-1000_firmware +9 more products- Published: Jul. 18, 2018
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2018-0346
A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checks for... Read more
Affected Products : vbond_orchestrator vedge-plus vedge-pro vmanage_network_management vsmart_controller vedge-100_firmware vedge_100b_firmware vedge_100m_firmware vedge_100wm_firmware vedge-1000_firmware +9 more products- Published: Jul. 18, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2018-0345
A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the aff... Read more
Affected Products : vbond_orchestrator vedge-plus vedge-pro vmanage_network_management vsmart_controller vedge-100_firmware vedge_100b_firmware vedge_100m_firmware vedge_100wm_firmware vedge-1000_firmware +9 more products- Published: Jul. 18, 2018
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2018-0344
A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. T... Read more
Affected Products : vbond_orchestrator vedge-plus vedge-pro vmanage_network_management vsmart_controller vedge-100_firmware vedge_100b_firmware vedge_100m_firmware vedge_100wm_firmware vedge-1000_firmware +9 more products- Published: Jul. 18, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2018-0343
A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected syste... Read more
Affected Products : vbond_orchestrator vedge-plus vedge-pro vmanage_network_management vsmart_controller vedge-100_firmware vedge_100b_firmware vedge_100m_firmware vedge_100wm_firmware vedge-1000_firmware +9 more products- Published: Jul. 18, 2018
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2018-0342
A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. The vu... Read more
Affected Products : vbond_orchestrator vedge-plus vedge-pro vmanage_network_management vsmart_controller vedge-100_firmware vedge_100b_firmware vedge_100m_firmware vedge_100wm_firmware vedge-1000_firmware +9 more products- Published: Jul. 18, 2018
- Modified: Nov. 21, 2024