CVSS: 7.5EPSS: 0%CPEs: 77EXPL: 0CVE-2016-6372
https://notcve.org/view.php?id=CVE-2016-6372
28 Oct 2016 — A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco Asyn... • http://www.securityfocus.com/bid/93911 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 21EXPL: 0CVE-2016-6416
https://notcve.org/view.php?id=CVE-2016-6416
05 Oct 2016 — The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065. El servicio FTP en Cisco AsyncOS en dispositivos Email Security Appliance (ESA) 9.6.0-000 hasta la versión 9.9.6-026, dispositivos Web Security Appliance... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aos • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 41EXPL: 0CVE-2016-6407
https://notcve.org/view.php?id=CVE-2016-6407
17 Sep 2016 — Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (link saturation) by making many HTTP requests for overlapping byte ranges simultaneously, aka Bug ID CSCuz27219. Cisco AsyncOS hasta la versión 9.5.0-444 en dispositivos Web Security Appliance (WSA) permite a atacantes remotos provocar una denegación de servicio (saturación de enlace) haciendo muchas peticiones HTTP para el solapamiento de rangos de byte simultáneamente, vulnerabilid... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-wsa • CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 37EXPL: 0CVE-2016-1440
https://notcve.org/view.php?id=CVE-2016-1440
02 Jul 2016 — The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote attackers to cause a denial of service (CPU consumption) by establishing an FTP session and then improperly terminating the control connection after a file transfer, aka Bug ID CSCuy43468. El proceso proxy en dispositivos Cisco Web Security Appliance (WSA) hasta la versión 9.1.0-070 permite a atacantes remotos causar una denegación de servicios (consumo de CPU) estableciendo una sesión FTP y entonces terminando i... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160627-wsa • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 5%CPEs: 5EXPL: 0CVE-2016-1405 – Ubuntu Security Notice USN-3093-1
https://notcve.org/view.php?id=CVE-2016-1405
08 Jun 2016 — libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503. libclamav en ClamAV (también conocida como Clam AntiVirus), tal como se utiliza en Advanced Malware Protection (AMP) en dispositivos Cis... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160531-wsa-esa • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2016-1381
https://notcve.org/view.php?id=CVE-2016-1381
25 May 2016 — Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an HTTP file-range request for cached content, aka Bug ID CSCuw97270. Fuga de memoria en Cisco AsyncOS 8.5 hasta la versión 9.0 en versiones anteriores a 9.0.1-162 en dispositivos Web Security Appliance (WSA) permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de una petición HTTP file-ran... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa2 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1296
https://notcve.org/view.php?id=CVE-2016-1296
20 Jan 2016 — The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848. El motor de proxy en dispositivos Cisco Web Security Appliance (WSA) con software 8.5.3-055, 9.1.0-000 y 9.5.0-235 permite a atacantes remotos eludir las restricciones destinadas al proxy a través de un método HTTP mal formado, también conocido como Bug ID CSCux00848. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160119-wsa • CWE-254: 7PK - Security Features •
CVSS: 7.8EPSS: 1%CPEs: 40EXPL: 0CVE-2015-6321
https://notcve.org/view.php?id=CVE-2015-6321
06 Nov 2015 — Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security Appliance (ESA) devices; before 9.1.0-032, 9.1.1 before 9.1.1-005, and 9.5.x before 9.5.0-025 on Content Security Management Appliance (SMA) devices; and before 7.7.0-725 and 8.x before 8.0.8-113 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug IDs CSCus79774, CSCus79777, and C... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-aos • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2015-0732
https://notcve.org/view.php?id=CVE-2015-0732
29 Jul 2015 — Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuu37430, CSCuu37420, CSCut71981, and CSCuv50167. Vulnerabilidad de XSS en Cisco AsyncOS en la Web Security Appliance (WSA) 9.0.0-193, en Email Security Appliance ... • http://tools.cisco.com/security/center/viewAlert.x?alertId=40172 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •