Latest CVE Feed
-
7.8
HIGH CVE-2017-12243
A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on t...
Affected Products: unified_computing_system_manager_firmware firepower_9300_security_appliance_firmware firepower_4100_next-generation_firewall_firmware unified_computing_system_manager firepower_9300_security_appliance firepower_4110_next-generation_firewall firepower_4120_next-generation_firewall firepower_4140_next-generation_firewall firepower_4150_next-generation_firewall
- Published: Nov. 02, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGH CVE-2017-12260
A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive...
- Published: Oct. 19, 2017
- Modified: Apr. 20, 2025
-
9.9
CRITICAL CVE-2017-12251
A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines (VMs) operating remotely on an affected CSP device. The vulnerab...
Affected Products: cloud_services_platform_2100
- Published: Oct. 19, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGH CVE-2017-12262
A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent attacker to gain privileged access to services only available on the internal ...
Affected Products: application_policy_infrastructure_controller_enterprise_module
- Published: Nov. 02, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUM CVE-2017-12269
A vulnerability in the web UI of Cisco Spark Messaging Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web UI of the affected so...
Affected Products: spark
- Published: Oct. 05, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUM CVE-2017-12265
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface o...
Affected Products: adaptive_security_appliance
- Published: Oct. 05, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUM CVE-2017-12346
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client ...
Affected Products: data_center_network_manager
- Published: Nov. 30, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICAL CVE-2017-12414
Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an untrusted search path is used for msimg32.dll, WindowsCodecs.dll, and dwmapi.dll....
Affected Products: format_factory
- Published: Aug. 03, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGH CVE-2017-12435
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service....
Affected Products: imagemagick
- Published: Aug. 04, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUM CVE-2017-12274
A vulnerability in Extensible Authentication Protocol (EAP) ingress frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (...
- Published: Nov. 02, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUM CVE-2017-12282
A vulnerability in the Access Network Query Protocol (ANQP) ingress frame processing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, Layer 2 RF-adjacent attacker to cause an affected device to restart unexpectedly, resultin...
Affected Products: wireless_lan_controller_software wireless_lan_controller wireless_lan_controller
- Published: Nov. 02, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUM CVE-2017-12443
The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file....
Affected Products: minidjvu
- Published: Aug. 17, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUM CVE-2017-12460
An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10. An authenticated user can manage the wallpaper collection in the webUI to be shown as background on the ClickShare product. By uploading a w...
Affected Products: clickshare_csm-1_firmware clickshare_csc-1_firmware clickshare_csc-1 clickshare_csm-1
- Published: Oct. 30, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUM CVE-2017-12258
A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability exists because the affected software does not provide sufficient...
Affected Products: unified_communications_manager
- Published: Oct. 05, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUM CVE-2017-12284
A vulnerability in the web interface of Cisco Jabber for Windows Client could allow an authenticated, local attacker to retrieve user profile information, which could lead to the disclosure of confidential information. The vulnerability is due to a lack o...
Affected Products: jabber
- Published: Oct. 19, 2017
- Modified: Apr. 20, 2025
-
6.8
MEDIUM CVE-2017-12342
A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC. The vulnerability is due to insufficient internal security measu...
- Published: Nov. 30, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUM CVE-2017-12273
A vulnerability in 802.11 association request frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulti...
- Published: Nov. 02, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUM CVE-2017-12292
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an ...
Affected Products: email_encryption
- Published: Nov. 16, 2017
- Modified: Apr. 20, 2025
-
6.3
MEDIUM CVE-2017-12335
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vu...
- Published: Nov. 30, 2017
- Modified: Apr. 20, 2025
-
9.0
HIGH CVE-2017-12277
A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be execut...
- Published: Nov. 02, 2017
- Modified: Apr. 20, 2025