CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0CVE-2016-1480
https://notcve.org/view.php?id=CVE-2016-1480
28 Oct 2016 — A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA, both virtual and hardware appliances, if the software is configured with message or content filters to scan incoming ... • http://www.securityfocus.com/bid/93914 • CWE-388: 7PK - Errors •
CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 0CVE-2016-1486
https://notcve.org/view.php?id=CVE-2016-1486
28 Oct 2016 — A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects Cisco AsyncOS Software releases 9.7.1 and later, prior to the first fixed release, for both virtual and hardware Cisco Email ... • http://www.securityfocus.com/bid/93906 • CWE-19: Data Processing Errors •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-1315
https://notcve.org/view.php?id=CVE-2016-1315
12 Feb 2016 — The proxy engine in Cisco Advanced Malware Protection (AMP), when used with Email Security Appliance (ESA) 9.5.0-201, 9.6.0-051, and 9.7.0-125, allows remote attackers to bypass intended content restrictions via a malformed e-mail message containing an encoded file, aka Bug ID CSCux45338. El motor proxy en Cisco Advanced Malware Protection (AMP), cuando se utiliza con Email Security Appliance (ESA) 9.5.0-201, 9.6.0-051 y 9.7.0-125, permite a atacantes remotos eludir las restricciones destinadas al contenido... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160211-esaamp • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 1%CPEs: 40EXPL: 0CVE-2015-6321
https://notcve.org/view.php?id=CVE-2015-6321
06 Nov 2015 — Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security Appliance (ESA) devices; before 9.1.0-032, 9.1.1 before 9.1.1-005, and 9.5.x before 9.5.0-025 on Content Security Management Appliance (SMA) devices; and before 7.7.0-725 and 8.x before 8.0.8-113 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug IDs CSCus79774, CSCus79777, and C... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-aos • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 1%CPEs: 16EXPL: 0CVE-2015-6291
https://notcve.org/view.php?id=CVE-2015-6291
06 Nov 2015 — Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-046 on Email Security Appliance (ESA) devices mishandles malformed fields during body-contains, attachment-contains, every-attachment-contains, attachment-binary-contains, dictionary-match, and attachment-dictionary-match filtering, which allows remote attackers to cause a denial of service (memory consumption) via a crafted attachment in an e-mail message, aka Bug ID CSCuv47151. Cisco AsyncOS en versiones anteriores a 8.... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-esa2 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-4278
https://notcve.org/view.php?id=CVE-2015-4278
16 Jul 2015 — Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC policy data in DNS TXT records for a domain, aka Bug ID CSCuv14806. Los dispositivos Cisco Email Security Appliance (ESA) con software 8.5.6-106 y 9.5.0-201 permiten a atacantes remotos provocar una denegación de servicio (corte de recepción del e-mail por dominio) insertando datos de política DMARC manipulados ... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39940 • CWE-20: Improper Input Validation •