CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2016-1423
https://notcve.org/view.php?id=CVE-2016-1423
28 Oct 2016 — A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could be used to facilitate a cross-site scripting (XSS) or HTML injection attack. More Information: CSCuz02235. Known Affected Releases: 8.0.2-069. Known Fixed Releases: 9.1.1-038 9.7.2-047. • http://www.securityfocus.com/bid/93912 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0CVE-2016-1480
https://notcve.org/view.php?id=CVE-2016-1480
28 Oct 2016 — A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA, both virtual and hardware appliances, if the software is configured with message or content filters to scan incoming ... • http://www.securityfocus.com/bid/93914 • CWE-388: 7PK - Errors •
CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 0CVE-2016-1486
https://notcve.org/view.php?id=CVE-2016-1486
28 Oct 2016 — A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects Cisco AsyncOS Software releases 9.7.1 and later, prior to the first fixed release, for both virtual and hardware Cisco Email ... • http://www.securityfocus.com/bid/93906 • CWE-19: Data Processing Errors •
CVSS: 5.9EPSS: 0%CPEs: 21EXPL: 0CVE-2016-6416
https://notcve.org/view.php?id=CVE-2016-6416
05 Oct 2016 — The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065. El servicio FTP en Cisco AsyncOS en dispositivos Email Security Appliance (ESA) 9.6.0-000 hasta la versión 9.9.6-026, dispositivos Web Security Appliance... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aos • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 4%CPEs: 5EXPL: 0CVE-2016-1405 – Ubuntu Security Notice USN-3093-1
https://notcve.org/view.php?id=CVE-2016-1405
08 Jun 2016 — libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503. libclamav en ClamAV (también conocida como Clam AntiVirus), tal como se utiliza en Advanced Malware Protection (AMP) en dispositivos Cis... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160531-wsa-esa • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-1315
https://notcve.org/view.php?id=CVE-2016-1315
12 Feb 2016 — The proxy engine in Cisco Advanced Malware Protection (AMP), when used with Email Security Appliance (ESA) 9.5.0-201, 9.6.0-051, and 9.7.0-125, allows remote attackers to bypass intended content restrictions via a malformed e-mail message containing an encoded file, aka Bug ID CSCux45338. El motor proxy en Cisco Advanced Malware Protection (AMP), cuando se utiliza con Email Security Appliance (ESA) 9.5.0-201, 9.6.0-051 y 9.7.0-125, permite a atacantes remotos eludir las restricciones destinadas al contenido... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160211-esaamp • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 1%CPEs: 40EXPL: 0CVE-2015-6321
https://notcve.org/view.php?id=CVE-2015-6321
06 Nov 2015 — Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security Appliance (ESA) devices; before 9.1.0-032, 9.1.1 before 9.1.1-005, and 9.5.x before 9.5.0-025 on Content Security Management Appliance (SMA) devices; and before 7.7.0-725 and 8.x before 8.0.8-113 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug IDs CSCus79774, CSCus79777, and C... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-aos • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 1%CPEs: 16EXPL: 0CVE-2015-6291
https://notcve.org/view.php?id=CVE-2015-6291
06 Nov 2015 — Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-046 on Email Security Appliance (ESA) devices mishandles malformed fields during body-contains, attachment-contains, every-attachment-contains, attachment-binary-contains, dictionary-match, and attachment-dictionary-match filtering, which allows remote attackers to cause a denial of service (memory consumption) via a crafted attachment in an e-mail message, aka Bug ID CSCuv47151. Cisco AsyncOS en versiones anteriores a 8.... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-esa2 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2015-0732
https://notcve.org/view.php?id=CVE-2015-0732
29 Jul 2015 — Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuu37430, CSCuu37420, CSCut71981, and CSCuv50167. Vulnerabilidad de XSS en Cisco AsyncOS en la Web Security Appliance (WSA) 9.0.0-193, en Email Security Appliance ... • http://tools.cisco.com/security/center/viewAlert.x?alertId=40172 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •