CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3818
https://notcve.org/view.php?id=CVE-2017-3818
03 Feb 2017 — A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device, aka a Malformed MIME Header Filtering Bypass. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message fi... • http://www.securityfocus.com/bid/95939 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-6458
https://notcve.org/view.php?id=CVE-2016-6458
19 Nov 2016 — A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been filtered could instead be forwarded by the device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to u... • http://www.securityfocus.com/bid/94074 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-6462
https://notcve.org/view.php?id=CVE-2016-6462
19 Nov 2016 — A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Infor... • http://www.securityfocus.com/bid/94360 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-6463
https://notcve.org/view.php?id=CVE-2016-6463
19 Nov 2016 — A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Infor... • http://www.securityfocus.com/bid/94363 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 2%CPEs: 8EXPL: 0CVE-2016-6406
https://notcve.org/view.php?id=CVE-2016-6406
22 Sep 2016 — Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance (ESA) devices, when Enrollment Client before 1.0.2-065 is installed, allows remote attackers to obtain root access via a connection to the testing/debugging interface, aka Bug ID CSCvb26017. Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124 y 10.0.0-125 en dispositivos Email Security Appliance (ESA), cuando se instal... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160922-esa • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6309
https://notcve.org/view.php?id=CVE-2015-6309
02 Oct 2015 — Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows remote authenticated users to cause a denial of service (file-descriptor consumption and device reload) via crafted HTTP requests, aka Bug ID CSCuw32211. Cisco Email Security Appliance (ESA) 8.5.6-106 y 9.6.0-042 permite a usuarios remotos autenticados provocar una denegación de servicio (consumo de descriptor de fichero y renicio del dispositivo) a través de una petición HTTP manipulada, también conocido como Bug ID CSCuw32211. • http://tools.cisco.com/security/center/viewAlert.x?alertId=41241 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2015-0732
https://notcve.org/view.php?id=CVE-2015-0732
29 Jul 2015 — Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuu37430, CSCuu37420, CSCut71981, and CSCuv50167. Vulnerabilidad de XSS en Cisco AsyncOS en la Web Security Appliance (WSA) 9.0.0-193, en Email Security Appliance ... • http://tools.cisco.com/security/center/viewAlert.x?alertId=40172 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2015-4278
https://notcve.org/view.php?id=CVE-2015-4278
16 Jul 2015 — Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC policy data in DNS TXT records for a domain, aka Bug ID CSCuv14806. Los dispositivos Cisco Email Security Appliance (ESA) con software 8.5.6-106 y 9.5.0-201 permiten a atacantes remotos provocar una denegación de servicio (corte de recepción del e-mail por dominio) insertando datos de política DMARC manipulados ... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39940 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2015-4236
https://notcve.org/view.php?id=CVE-2015-4236
10 Jul 2015 — Cisco AsyncOS on Email Security Appliance (ESA) devices with software 8.5.6-073, 8.5.6-074, and 9.0.0-461, when clustering is enabled, allows remote attackers to cause a denial of service (clustering and SSH outage) via a packet flood, aka Bug IDs CSCur13704 and CSCuq05636. Cisco AsyncOS en dispositivos ESA (Email Security Appliance) con software 8.5.6-073, 8.5.6-074 y 9.0.0-461, cuando clustering está habilitado, permite a los atacantes remotos provocar una denegación de servicio mediante inundación, tambi... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39785 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0734
https://notcve.org/view.php?id=CVE-2015-0734
15 May 2015 — Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Email Security Appliance (ESA) 8.5.6-106 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCut87743. Múltiples vulnerabilidades cross-site scripting (XSS) en el Cisco Email Security Appliance (ESA) 8.5.6-106 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de parámetros no especificados en solicitudes (1) GET o (2) POST, también... • http://tools.cisco.com/security/center/viewAlert.x?alertId=38866 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •