CVSS: 7.8EPSS: 1%CPEs: 28EXPL: 0CVE-2016-1382
https://notcve.org/view.php?id=CVE-2016-1382
25 May 2016 — Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance (WSA) devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service (proxy-process reload) via a crafted request, aka Bug ID CSCuu02529. Cisco AsyncOS en versiones anteriores a 8.5.3-069 y 8.6 hasta la versión 8.8 en dispositivos Web Security Appliance (WSA) no maneja correctamente la asignación de memoria para peticiones HTTP, lo que permite a atacantes remotos provocar una dene... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa3 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0CVE-2016-1383
https://notcve.org/view.php?id=CVE-2016-1383
25 May 2016 — Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an unspecified HTTP status code, aka Bug ID CSCur28305. Fuga de memoria en Cisco AsyncOS hasta la versión 8.8 en dispositivos Web Security Appliance (WSA) permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de un código de estado HTTP no especificado, también conocida como Bug ID CSCur28305. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa4 • CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 1%CPEs: 2EXPL: 0CVE-2016-1288
https://notcve.org/view.php?id=CVE-2016-1288
03 Mar 2016 — The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x before 9.0.0-485 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (service outage) by leveraging certain intranet connectivity and sending a malformed HTTPS request, aka Bug ID CSCuu24840. La funcionalidad de HTTPS Proxy en Cisco AsyncOS en versiones anteriores a 8.5.3-051 y 9.x en versiones anteriores a 9.0.0-485 en dispositivos Web Security Appliance (WSA) permite a atancantes remotos causar una d... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-wsa • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6386
https://notcve.org/view.php?id=CVE-2015-6386
01 Dec 2015 — The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8.0.7-142 and 8.5.1-021 allows remote attackers to cause a denial of service (CPU consumption) via FTP sessions in which the control connection is ended after data transfer, aka Bug ID CSCut94150. La funcionalidad passthroug FTP en dispositivos Cisco Web Security Appliance (WSA) con software 8.0.7-142 y 8.5.1-021 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de sesiones FTP en ... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-wsa • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2015-6292
https://notcve.org/view.php?id=CVE-2015-6292
06 Nov 2015 — The proxy-cache implementation in Cisco AsyncOS 8.0.x before 8.0.7-151, 8.1.x and 8.5.x before 8.5.2-004, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via multiple proxy connections, aka Bug ID CSCus10922. La implementación proxy- caché en Cisco AsyncOS 8.0.x en versiones anteriores a 8.0.7-151, 8.1.x y 8.5.x en versiones anteriores a 8.5.2-004, 8.6.x y 8.7.x en versiones ante... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa1 • CWE-399: Resource Management Errors •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6298
https://notcve.org/view.php?id=CVE-2015-6298
06 Nov 2015 — The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments, aka Bug ID CSCus83445. La interfaz de administración web en Cisco AsyncOS 8.x en versiones anteriores a 8.0.8-113, 8.1.x y 8.5.x en versiones anteriores a 8.5.3-051, 8.6.x y 8.7.x en versiones anteriores a... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2015-6293
https://notcve.org/view.php?id=CVE-2015-6293
06 Nov 2015 — Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via multiple file-range requests, aka Bug ID CSCur39155. Cisco AsyncOS 8.x en versiones anteriores a 8.0.8-113, 8.1.x y 8.5.x en versiones anteriores a 8.5.3-051, 8.6.x y 8.7.x en versiones anteriores a 8.7.0-171-LD y 8.8.x en versiones anteriores a 8.8.0-085 en d... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa2 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 1%CPEs: 40EXPL: 0CVE-2015-6321
https://notcve.org/view.php?id=CVE-2015-6321
06 Nov 2015 — Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security Appliance (ESA) devices; before 9.1.0-032, 9.1.1 before 9.1.1-005, and 9.5.x before 9.5.0-025 on Content Security Management Appliance (SMA) devices; and before 7.7.0-725 and 8.x before 8.0.8-113 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug IDs CSCus79774, CSCus79777, and C... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-aos • CWE-399: Resource Management Errors •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4288
https://notcve.org/view.php?id=CVE-2015-4288
29 Jul 2015 — The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470. Vulnerabilidad en la implementación LDAP en Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Applian... • http://tools.cisco.com/security/center/viewAlert.x?alertId=40137 • CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4198
https://notcve.org/view.php?id=CVE-2015-4198
20 Jun 2015 — Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified HTTP header, aka Bug ID CSCuu24409. Vulnerabilidad de XSS en el Framework web en los dispositivos Cisco Web Security Appliance (WSA) con software 8.5.0-497 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una cabecera HTTP no especificada, también cono... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39422 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •