Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2018-0294

    A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure an unauthorized administrator account for an affected device. The vulnerability exists because the affecte... Read more

    • Published: Jun. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-0293

    A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands that should be restricted for a nonadministrative user. The attacker would have to possess valid user creden... Read more

    • Published: Jun. 20, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-0292

    A vulnerability in the Internet Group Management Protocol (IGMP) Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code and gain full control of an affected system. The attacker could also caus... Read more

    • Published: Jun. 20, 2018
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2018-0291

    A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is... Read more

    • Published: Jun. 20, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-0290

    A vulnerability in the TCP stack of Cisco SocialMiner could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the notification system. The vulnerability is due to faulty handling of new TCP connections to the affect... Read more

    Affected Products : socialminer
    • Published: May. 17, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-0289

    A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of requests stored in logs in the application ... Read more

    • Published: May. 17, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-0288

    A vulnerability in Cisco WebEx Recording Format (WRF) Player could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissa... Read more

    • Published: May. 02, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-0287

    A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to a design flaw in the affecte... Read more

    • Published: May. 02, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-0286

    A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on affected system. The vulnerability is due to improper handling of malformed requests processe... Read more

    Affected Products : ios_xr carrier_routing_system
    • Published: May. 02, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-0285

    A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface. The vulnerability is due to exhaustion of disk space. An attacker could exploit this vulnerability by p... Read more

    Affected Products : prime_service_catalog
    • Published: May. 02, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-0284

    A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the loca... Read more

    • Published: Nov. 08, 2018
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2018-0282

    A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission cont... Read more

    • Published: Jan. 10, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-0280

    A vulnerability in the Real-Time Transport Protocol (RTP) bitstream processing of the Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validat... Read more

    Affected Products : meeting_server
    • Published: May. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-0279

    A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device. The vulnera... Read more

    • Published: May. 17, 2018
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2018-0277

    A vulnerability in the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) certificate validation during EAP authentication for the Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the ISE app... Read more

    Affected Products : identity_services_engine
    • Published: May. 17, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-0276

    A vulnerability in Cisco WebEx Connect IM could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters tha... Read more

    Affected Products : webex_connect_im
    • Published: Apr. 19, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2018-0275

    A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell. The vulnerability is due to improper configuration of the support tunnel feature. An attacker ... Read more

    • Published: Apr. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-0274

    A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validatio... Read more

    Affected Products : network_services_orchestrator
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-0273

    A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnel... Read more

    Affected Products : staros asr_5000 asr_5500 asr_5700
    • Published: Apr. 19, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2018-0272

    A vulnerability in the Secure Sockets Layer (SSL) Engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper error handling while processing ... Read more

    • Published: Apr. 19, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293577 Results