CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1051 CVE-2018-0594 426 +Priv 2018-06-26 2018-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
1052 CVE-2018-0593 426 +Priv 2018-06-26 2018-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in the installer of Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
1053 CVE-2018-0592 426 +Priv 2018-06-26 2018-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
1054 CVE-2018-0584 200 Bypass +Info 2018-06-26 2018-08-21
5.0
None Remote Low Not required Partial None None
IIJ SmartKey App for Android version 2.1.0 and earlier allows remote attackers to bypass authentication [effect_of_bypassing_authentication] via unspecified vectors.
1055 CVE-2018-0575 200 Bypass +Info 2018-06-26 2018-08-21
5.0
None Remote Low Not required Partial None None
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors.
1056 CVE-2018-0574 79 XSS 2018-06-26 2018-08-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
1057 CVE-2018-0573 269 Bypass 2018-06-26 2019-10-03
5.0
None Remote Low Not required Partial None None
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors.
1058 CVE-2018-0572 Bypass 2018-06-26 2019-10-03
5.5
None Remote Low ??? Partial Partial None
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors.
1059 CVE-2018-0571 434 2018-06-26 2018-08-21
4.0
None Remote Low ??? None Partial None
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files.
1060 CVE-2018-0570 79 XSS 2018-06-26 2018-08-21
3.5
None Remote Medium ??? None Partial None
Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
1061 CVE-2018-0569 78 Exec Code 2018-06-26 2018-08-21
6.5
None Remote Low ??? Partial Partial Partial
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.
1062 CVE-2018-0567 Bypass 2018-06-26 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors.
1063 CVE-2018-0566 269 Bypass 2018-06-26 2019-10-03
4.0
None Remote Low ??? Partial None None
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors.
1064 CVE-2018-0565 79 XSS 2018-06-26 2018-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
1065 CVE-2018-0563 426 +Priv 2018-06-26 2018-08-30
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
1066 CVE-2018-0559 79 XSS 2018-06-26 2018-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors.
1067 CVE-2018-0558 79 XSS 2018-06-26 2018-08-08
4.3
None Remote Medium Not required None Partial None
Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors.
1068 CVE-2018-0557 79 XSS 2018-06-26 2018-08-08
4.3
None Remote Medium Not required None Partial None
Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors.
1069 CVE-2018-0529 20 DoS 2018-06-26 2018-08-08
4.3
None Remote Medium Not required None None Partial
Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors.
1070 CVE-2018-0528 287 Bypass 2018-06-26 2018-08-09
4.0
None Remote Low ??? Partial None None
Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.
1071 CVE-2018-0527 79 XSS 2018-06-26 2018-08-09
4.3
None Remote Medium Not required None Partial None
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
1072 CVE-2018-0526 200 +Info 2018-06-26 2018-08-08
4.3
None Remote Medium Not required Partial None None
Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors.
1073 CVE-2018-0496 22 Dir. Trav. 2018-06-12 2019-03-01
6.4
None Remote Low Not required None Partial Partial
Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 (as well as in RTsoft's Dink Smallwood HD / ProtonSDK version) before 3.14 allow an attacker to overwrite arbitrary files on the user's system.
1074 CVE-2018-0495 203 2018-06-13 2020-08-24
1.9
None Local Medium Not required Partial None None
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
1075 CVE-2018-0373 20 DoS 2018-06-21 2019-10-09
4.9
None Local Low Not required None None Complete
A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious request to the application. A successful exploit could allow the attacker to cause a DoS condition on the affected system. Cisco Bug IDs: CSCvj47654.
1076 CVE-2018-0371 20 DoS 2018-06-21 2019-10-09
6.8
None Remote Low ??? None None Complete
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the Web Admin Interface of an affected Cisco Meeting Server. A successful exploit could allow the attacker to restart the system, terminating all ongoing calls and resulting in a DoS condition on the affected product. This vulnerability affects the following releases of Cisco Meeting Server: Acano X-Series, Cisco Meeting Server 1000, Cisco Meeting Server 2000. Cisco Bug IDs: CSCvi48624.
1077 CVE-2018-0365 352 CSRF 2018-06-21 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on the targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvb19750.
1078 CVE-2018-0364 352 CSRF 2018-06-21 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi44320.
1079 CVE-2018-0363 352 CSRF 2018-06-21 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi55878.
1080 CVE-2018-0362 287 Exec Code Bypass 2018-06-21 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
A vulnerability in BIOS authentication management of Cisco 5000 Series Enterprise Network Compute System and Cisco Unified Computing (UCS) E-Series Servers could allow an unauthenticated, local attacker to bypass the BIOS authentication and execute actions as an unprivileged user. The vulnerability is due to improper security restrictions that are imposed by the affected system. An attacker could exploit this vulnerability by submitting an empty password value to an affected device's BIOS authentication prompt. An exploit could allow the attacker to have access to a restricted set of user-level BIOS commands. Cisco Bug IDs: CSCvh83260.
1081 CVE-2018-0359 384 2018-06-21 2019-10-09
2.1
None Local Low Not required None Partial None
A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier, aka Session Fixation. The vulnerability exists because the affected application does not assign a new session identifier to a user session when a user authenticates to the application. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the application through the web-based management interface. A successful exploit could allow the attacker to hijack an authenticated user's browser session. Cisco Bug IDs: CSCvi23787.
1082 CVE-2018-0358 770 DoS 2018-06-21 2020-08-31
5.0
None Remote Low Not required None None Partial
A vulnerability in the file descriptor handling of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to exhaustion of file descriptors while processing a high volume of traffic. An attacker could exploit this vulnerability by establishing a high number of concurrent TCP connections to the vulnerable system. An exploit could allow the attacker to cause a restart in a specific process, resulting in a temporary interruption of service. Cisco Bug IDs: CSCvh77056, CSCvh77058, CSCvh95264.
1083 CVE-2018-0357 79 Exec Code XSS 2018-06-07 2019-10-09
4.3
None Remote Medium Not required None Partial None
A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvi71274.
1084 CVE-2018-0356 79 Exec Code XSS 2018-06-07 2019-10-09
4.3
None Remote Medium Not required None Partial None
A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvi63757.
1085 CVE-2018-0355 1021 2018-06-07 2020-09-04
4.3
None Remote Medium Not required None Partial None
A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability is due to insufficient protections for HTML inline frames (iframes) by the web UI of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected UI to navigate to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct click-jacking or other client-side browser attacks on the affected system. Cisco Bug IDs: CSCvg19761.
1086 CVE-2018-0354 79 Exec Code XSS 2018-06-07 2019-10-09
4.3
None Remote Medium Not required None Partial None
A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvf76417.
1087 CVE-2018-0353 Bypass 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections. The vulnerability is due to a change in the underlying operating system software that is responsible for monitoring affected traffic. An attacker could exploit this vulnerability by sending crafted IP packets to an affected device. A successful exploit could allow the attacker to pass traffic through the device, which the WSA was configured to deny. This vulnerability affects both IPv4 and IPv6 traffic. This vulnerability affects Cisco AsyncOS versions for WSA on both virtual and hardware appliances running any release of the 10.5.1, 10.5.2, or 11.0.0 WSA Software. The WSA is vulnerable if it is configured for L4TM. Cisco Bug IDs: CSCvg78875.
1088 CVE-2018-0352 732 +Priv 2018-06-07 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges (level 15) to log in to the device. The vulnerability is due to insufficient validation of script files executed in the context of the Disk Check Tool. An attacker could exploit this vulnerability by replacing one script file with a malicious script file while the affected tool is running. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. Cisco Bug IDs: CSCvi72673.
1089 CVE-2018-0340 79 Exec Code XSS 2018-06-07 2019-10-09
3.5
None Remote Medium ??? None Partial None
A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of certain parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting certain malicious code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvj00512.
1090 CVE-2018-0339 79 Exec Code XSS 2018-06-07 2019-10-09
4.3
None Remote Medium Not required None Partial None
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf72309.
1091 CVE-2018-0338 863 Exec Code 2018-06-07 2020-09-04
4.6
None Local Low Not required Partial Partial Partial
A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected system. A successful exploit could allow the attacker to cause other users to execute unwanted arbitrary commands on the affected system. Cisco Bug IDs: CSCvf52994.
1092 CVE-2018-0337 863 Exec Code 2018-06-21 2020-08-31
7.2
None Local Low Not required Complete Complete Complete
A vulnerability in the role-based access-checking mechanisms of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected device. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected device. A successful exploit could allow the attacker to cause other users to execute unwanted, arbitrary commands on the affected device. Cisco Bug IDs: CSCvd06339, CSCvd15698, CSCvd36108, CSCvf52921, CSCvf52930, CSCvf52953, CSCvf52976.
1093 CVE-2018-0336 862 2018-06-07 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforcement on batch processing. An attacker could exploit this vulnerability by uploading a batch file and having the batch file processed by the system. A successful exploit could allow the attacker to escalate privileges to the Administrator level. Cisco Bug IDs: CSCvd86578.
1094 CVE-2018-0335 532 2018-06-07 2019-10-09
2.1
None Local Low Not required Partial None None
A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring a specific World-Readable file for this authentication data (Cleartext Passwords). An exploit could allow the attacker to gain authentication information for other users. Cisco Bug IDs: CSCvd86602.
1095 CVE-2018-0334 295 Bypass 2018-06-07 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading certain configuration files. The vulnerability is due to improper use of Simple Certificate Enrollment Protocol and improper server certificate validation. An attacker could exploit this vulnerability by preparing malicious profile and localization files for Cisco AnyConnect to use. A successful exploit could allow the attacker to remotely change the configuration profile, a certificate, or the localization data used by AnyConnect Secure Mobility Client. Cisco Bug IDs: CSCvh23141.
1096 CVE-2018-0333 693 Bypass 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
A vulnerability in the VPN configuration management of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass VPN security due to unintended side effects of dynamic configuration changes that could allow an attacker to bypass configured policies. The vulnerability is due to incorrect management of the configured interface names and VPN parameters when dynamic CLI configuration changes are performed. An attacker could exploit this vulnerability by sending packets through an interface on the targeted device. A successful exploit could allow the attacker to bypass configured VPN policies. Cisco Bug IDs: CSCvh49388.
1097 CVE-2018-0332 DoS 2018-06-07 2019-10-09
5.0
None Remote Low Not required None None Partial
A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacker could exploit this vulnerability by sending high volumes of SIP INVITE traffic to the targeted device. Successful exploitation could allow the attacker to cause a disruption of services on the targeted IP phone. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, CSCve20945.
1098 CVE-2018-0331 20 DoS 2018-06-21 2020-08-31
6.1
None Local Network Low Not required None None Complete
A vulnerability in the Cisco Discovery Protocol (formerly known as CDP) subsystem of devices running, or based on, Cisco NX-OS Software contain a vulnerability that could allow an unauthenticated, adjacent attacker to create a denial of service (DoS) condition. The vulnerability is due to a failure to properly validate certain fields within a Cisco Discovery Protocol message prior to processing it. An attacker with the ability to submit a Cisco Discovery Protocol message designed to trigger the issue could cause a DoS condition on an affected device while the device restarts. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvc89242, CSCve40943, CSCve40953, CSCve40965, CSCve40970, CSCve40978, CSCve40992, CSCve41000, CSCve41007.
1099 CVE-2018-0330 78 Exec Code Bypass 2018-06-20 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerability is due to a failure to properly validate certain parameters included within an NX-API request. An attacker that can successfully authenticate to the NX-API could submit a request designed to bypass NX-OS role assignment. A successful exploit could allow the attacker to execute commands with elevated privileges. This vulnerability affects the following if configured to use the NX-API feature: MDS 9000 Series Multilayer Switches, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode. Cisco Bug IDs: CSCvc73177, CSCve40903, CSCve40911.
1100 CVE-2018-0329 798 2018-06-07 2020-09-04
5.0
None Remote Low Not required Partial None None
A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to a hard-coded, read-only community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 2c queries to an affected device. A successful exploit could allow the attacker to read any data that is accessible via SNMP on the affected device. Note: The static credentials are defined in an internal configuration file and are not visible in the current operation configuration ('running-config') or the startup configuration ('startup-config'). Cisco Bug IDs: CSCvi40137.
Total number of vulnerabilities : 1788   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 (This Page)23 24 25 26 27 28 29 30 31 32 33 34 35 36
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.