CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-3132 – Cisco Email Security Appliance Shortened URL Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3132
19 Feb 2020 — A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a temporary denial of service (DoS) condition on an affected device. The vulnerability is due to inadequate parsing mechanisms for specific email body components. An attacker could exploit this vulnerability by sending a malicious email containing a high number of shortened URLs through an affected device. A successful exploit could... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-shrt-dos-wM54R8qA • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3134 – Cisco Email Security Appliance Zip Decompression Engine Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3134
26 Jan 2020 — A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temporary DoS co... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-87mBkc8n • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-7488
https://notcve.org/view.php?id=CVE-2019-7488
23 Dec 2019 — Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability affected Email Security Appliance version 10.0.2 and earlier. Una contraseña predeterminada débil causa vulnerabilidad en el dispositivo SonicWall Email Security, lo que conlleva al atacante a conseguir acceso a la base de datos del dispositivo. Esta vulnerabilidad afectó a Email Security Appliance versión 10.0.2 y anteriores. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0014 • CWE-255: Credentials Management Errors CWE-521: Weak Password Requirements •
CVSS: 9.8EPSS: 21%CPEs: 1EXPL: 1CVE-2019-7489
https://notcve.org/view.php?id=CVE-2019-7489
23 Dec 2019 — A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier. Una vulnerabilidad en el dispositivo SonicWall Email Security, permite a un usuario no autenticado llevar a cabo una ejecución de código remota. Esta vulnerabilidad afectó a Email Security Appliance versión 10.0.2 y anteriores. • https://github.com/nromsdahl/CVE-2019-7489 • CWE-285: Improper Authorization •
CVSS: 5.9EPSS: 0%CPEs: 16EXPL: 0CVE-2016-1411
https://notcve.org/view.php?id=CVE-2016-1411
14 Dec 2016 — A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information: CSCul88715, CSCul94617, CSCul94627. Known Affected Releases: 7.5.2-201 7.6.3-025 8.0.1-023 8.5.0-000 8.5.0-ER1-198 7.5.2-HP2-303 7.7.0-608 7.7.5-835 8.5.1-021 8.8.0-000 7.9.1-102 8.0.0-404 8.1.1-013 8.2.0-222. ... • http://www.securityfocus.com/bid/94791 • CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 0%CPEs: 56EXPL: 0CVE-2016-6356
https://notcve.org/view.php?id=CVE-2016-6356
28 Oct 2016 — A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to ap... • http://www.securityfocus.com/bid/93907 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 40EXPL: 0CVE-2015-6321
https://notcve.org/view.php?id=CVE-2015-6321
06 Nov 2015 — Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security Appliance (ESA) devices; before 9.1.0-032, 9.1.1 before 9.1.1-005, and 9.5.x before 9.5.0-025 on Content Security Management Appliance (SMA) devices; and before 7.7.0-725 and 8.x before 8.0.8-113 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug IDs CSCus79774, CSCus79777, and C... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-aos • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6285
https://notcve.org/view.php?id=CVE-2015-6285
14 Sep 2015 — Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497. Vulnerabilidad de formato de cadena en Cisco Email Security Appliance (ESA) 7.6.0 y 8.0.0, permite a atacantes remotos causar una denegación de servicio (sobreescritura de memoria e interrupción del proceso) a través de especificadores de formato de cadena en una pe... • http://tools.cisco.com/security/center/viewAlert.x?alertId=40844 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4184
https://notcve.org/view.php?id=CVE-2015-4184
13 Jun 2015 — The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to bypass intended e-mail restrictions via a malformed DNS SPF record, aka Bug IDs CSCuu35853 and CSCuu37733. El escáner anti-spam en los dispositivos Cisco Email Security Appliance (ESA) 3.3.1-09, 7.5.1-gpl-022, y 8.5.6-074 permite a atacantes remotos evadir les restricciones de email a través de un registro DNS SPF malformado, también conocido como Bug IDs CSCuu35853 y CSCuu... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39339 • CWE-20: Improper Input Validation •