1481 matches found
CVE-2018-0131
The vulnerability CVE-2018-0131 affects Cisco IOS and IOS XE when RSA-encrypted nonces are used in IKEv1. The root cause is that the software responds incorrectly to decryption failures, allowing an unauthenticated remote attacker to send crafted ciphertexts and obtain the encrypted nonces from a...
CVE-2018-0131
A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 IKEv1 session. The vulnerability exists because the affected software...
CVE-2018-0131
A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 IKEv1 session. The vulnerability exists because the affected software...
CVE-2018-0397
A vulnerability in Cisco AMP for Endpoints Mac Connector Software installed on Apple macOS 10.12 could allow an unauthenticated, remote attacker to cause a kernel panic on an affected system, resulting in a denial of service DoS condition. The vulnerability exists if the affected software is...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Small Business 300 Series Sx300 Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The...
Input validation
A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is due to insufficient validation of a password change request. An attacker could exploit this...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Small Business 300 Series Sx300 Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due...
CVE-2018-0407
A vulnerability in the web-based management interface of Cisco Small Business 300 Series Sx300 Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The...
CVE-2018-0413
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...
CVE-2018-0391
A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is due to insufficient validation of a password change request. An attacker could exploit this...
CVE-2018-0406
Cisco Web Security Appliance (WSA) web-based management interface suffers a reflected/DOM-based XSS due to insufficient input validation. An unauthenticated, remote attacker could lure a user into clicking a crafted link, enabling arbitrary script execution in the interface context or leakage of ...
CVE-2018-0397
A vulnerability in Cisco AMP for Endpoints Mac Connector Software installed on Apple macOS 10.12 could allow an unauthenticated, remote attacker to cause a kernel panic on an affected system, resulting in a denial of service DoS condition. The vulnerability exists if the affected software is...
CVE-2018-0397
Cisco AMP for Endpoints Mac Connector on macOS 10.12 is affected by CVE-2018-0397. The flaw allows an unauthenticated remote attacker to trigger a kernel panic and DoS if the software is running in Block network conviction mode. Exploitation could occur when a server process is started and an IP ...
CVE-2018-0411
Summary: CVE-2018-0411 describes a reflected cross-site scripting (XSS) vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM). The root cause is insufficient validation of user-supplied input in the interface, enabling an unauthenticated, remote attacke...
CVE-2018-0407
A vulnerability in the web-based management interface of Cisco Small Business 300 Series Sx300 Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The...
CVE-2018-0406
A vulnerability in the web-based management interface of Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to conduct a reflected or Document Object Model based DOM-based cross-site scripting XSS attack against a user of the web-based management interface of an...
CVE-2018-0411
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due...
CVE-2018-0399
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Cisco Bug IDs: CSCvg71044...
CVE-2018-0401
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. Cisco Bug IDs: CSCvg70967...