CVSS: 8.3EPSS: 0%CPEs: 105EXPL: 0CVE-2014-3392
https://notcve.org/view.php?id=CVE-2014-3392
10 Oct 2014 — The Clientless SSL VPN portal in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows remote attackers to obtain sensitive information from process memory or modify memory contents via crafted parameters, aka Bug ID CSCuq29136. El portal Clientless SSL VPN en Cisco ASA Software 8.2 anterior a 8.2(5.51), 8.3 anterior a 8.3(2.42), 8.4 anterior a 8.4(7.23), 8.6 a... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa •
CVSS: 8.2EPSS: 0%CPEs: 102EXPL: 0CVE-2014-3393
https://notcve.org/view.php?id=CVE-2014-3393
10 Oct 2014 — The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly implement authentication, which allows remote attackers to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829. El Framework de la personalización de portales Clie... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 32%CPEs: 8EXPL: 1CVE-2014-2127 – Cisco ASA SSL VPN Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-2127
10 Apr 2014 — Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly process management-session information during privilege validation for SSL VPN portal connections, which allows remote authenticated users to gain privileges by establishing a Clientless SSL VPN session and entering crafted URLs, aka Bug ID CSCul70099. Cisco Adaptive Security Appliance (ASA) Software 8.x anterio... • https://packetstorm.news/files/id/181167 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0CVE-2014-2128
https://notcve.org/view.php?id=CVE-2014-2128
10 Apr 2014 — The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47, 8.3 before 8.3(2.40), 8.4 before 8.4(7.3), 8.6 before 8.6(1.13), 9.0 before 9.0(3.8), and 9.1 before 9.1(3.2) allows remote attackers to bypass authentication via (1) a crafted cookie value within modified HTTP POST data or (2) a crafted URL, aka Bug ID CSCua85555. La implementación SSL VPN en Cisco Adaptive Security Appliance (ASA) Software 8.2 anterior a 8.2(5.47, 8.3 anterior a 8.3(2.40), 8.4 anterior a 8.... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 114EXPL: 0CVE-2013-6682
https://notcve.org/view.php?id=CVE-2013-6682
13 Nov 2013 — The phone-proxy implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier does not properly validate X.509 certificates, which allows remote attackers to cause a denial of service (connection-database corruption) via an invalid entry, aka Bug ID CSCui33299. La implementación phone-proxy en Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 y anteriores versiones no valida adecuadamente certificados X.509, lo que permite a atacantes remotos provocar una denegación de servic... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6682 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 118EXPL: 0CVE-2013-5560
https://notcve.org/view.php?id=CVE-2013-5560
13 Nov 2013 — The IPv6 implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1.3 and earlier, when NAT64 or NAT66 is enabled, does not properly process NAT rules, which allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCue34342. La implementación IPv6 en Cisco Adaptive Security Appliance (ASA) Software 9.1.3 y anteriores versiones, cuando NAT64 o NAT66 están activados, no procesan adecuadamente reglas NAT, lo que permite a atacantes remotos provocar una ... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5560 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 114EXPL: 0CVE-2013-5568
https://notcve.org/view.php?id=CVE-2013-5568
13 Nov 2013 — The auto-update implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier allows remote attackers to cause a denial of service (device reload) via crafted update data, aka Bug ID CSCui33308. La implementación auto-update en Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 y anteriores versiones permite a atacantes remotos provocar una denegación de servicio (reinicio del dispositivo) a través de datos de actualización manipulados, también conocido como Bug ID CSCui33308. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5568 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0CVE-2013-5513
https://notcve.org/view.php?id=CVE-2013-5513
13 Oct 2013 — Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(7), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.7), 9.0.x before 9.0(3.3), and 9.1.x before 9.1(1.8), when the DNS ALPI engine is enabled for TCP, allows remote attackers to cause a denial of service (device reload) via crafted TCP DNS packets, aka Bug ID CSCug03975. Cisco Adaptive Security Appliance (ASA) 8.2.x Software anterior a 8,2 (5,46), 8.3.x anterior a 8,3 (2,39), ... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0CVE-2013-5515
https://notcve.org/view.php?id=CVE-2013-5515
13 Oct 2013 — The Clientless SSL VPN feature in Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.44), 8.3.x before 8.3(2.39), 8.4.x before 8.4(5.7), 8.6.x before 8.6(1.12), 9.0.x before 9.0(2.6), and 9.1.x before 9.1(1.7) allows remote attackers to cause a denial of service (device reload) via crafted HTTPS requests, aka Bug ID CSCua22709. La función de Clientless SSL VPN de Cisco Adaptive Security Appliance (ASA) Software 8.x anteiror a 8,2 (5,44), 8.3.x anterior a 8,3 (2,39), 8.4.x anterior a 8,4 (5,7)... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 168EXPL: 0CVE-2013-5508
https://notcve.org/view.php?id=CVE-2013-5508
13 Oct 2013 — The SQL*Net inspection engine in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.12), 8.x before 8.2(5.44), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.6), 9.0.x before 9.0(2.10), and 9.1.x before 9.1(2) and Firewall Services Module (FWSM) 3.1.x and 3.2.x before 3.2(27) and 4.x before 4.1(14) allows remote attackers to cause a denial of service (device reload) via crafted segmented Transparent Network Substrate (TNS) packe... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa • CWE-20: Improper Input Validation •