CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0CVE-2016-1480
https://notcve.org/view.php?id=CVE-2016-1480
28 Oct 2016 — A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA, both virtual and hardware appliances, if the software is configured with message or content filters to scan incoming ... • http://www.securityfocus.com/bid/93914 • CWE-388: 7PK - Errors •
CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 0CVE-2016-1481
https://notcve.org/view.php?id=CVE-2016-1481
28 Oct 2016 — A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter that contains certain rules. Mo... • http://www.securityfocus.com/bid/93908 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 0CVE-2016-1486
https://notcve.org/view.php?id=CVE-2016-1486
28 Oct 2016 — A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects Cisco AsyncOS Software releases 9.7.1 and later, prior to the first fixed release, for both virtual and hardware Cisco Email ... • http://www.securityfocus.com/bid/93906 • CWE-19: Data Processing Errors •
CVSS: 7.8EPSS: 0%CPEs: 56EXPL: 0CVE-2016-6356
https://notcve.org/view.php?id=CVE-2016-6356
28 Oct 2016 — A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to ap... • http://www.securityfocus.com/bid/93907 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-6357
https://notcve.org/view.php?id=CVE-2016-6357
28 Oct 2016 — A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More Information: CSCuz01651. Known Affected Releases: 10.0.9-015 9.7.1-066 9.9.6-026. Una vulnerabilidad en las políticas de seguridad configuradas, incluida la caída del filtrado de email, en Cisco AsyncOS para Cisco Email Security Appli... • http://www.securityfocus.com/bid/93909 • CWE-388: 7PK - Errors •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2016-6358
https://notcve.org/view.php?id=CVE-2016-6358
28 Oct 2016 — A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application unexpectedly quits. More Information: CSCux68539. Known Affected Releases: 9.1.0-032 9.7.1-000. Known Fixed Releases: 9.1.1-038. Una vulnerabilidad en FTP local a Cisco Email Security Appliance (ESA) podría permitir a un atacante remoto no autenticado provocar una condición de denegación de servicio (DoS) parcia... • http://www.securityfocus.com/bid/93905 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 16EXPL: 0CVE-2016-6360
https://notcve.org/view.php?id=CVE-2016-6360
28 Oct 2016 — A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the AMP process unexpectedly restarting. Affected Products: Cisco AsyncOS Software for Email Security Appliances (ESA) versions 9.5 and later up to the first fixed release, Cisco AsyncOS Software for Web Security Appliances (WSA) all versions prior to the first fixed release... • http://www.securityfocus.com/bid/93910 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 77EXPL: 0CVE-2016-6372
https://notcve.org/view.php?id=CVE-2016-6372
28 Oct 2016 — A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco Asyn... • http://www.securityfocus.com/bid/93911 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 21EXPL: 0CVE-2016-6416
https://notcve.org/view.php?id=CVE-2016-6416
05 Oct 2016 — The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065. El servicio FTP en Cisco AsyncOS en dispositivos Email Security Appliance (ESA) 9.6.0-000 hasta la versión 9.9.6-026, dispositivos Web Security Appliance... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aos • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 8%CPEs: 5EXPL: 0CVE-2016-1405 – Ubuntu Security Notice USN-3093-1
https://notcve.org/view.php?id=CVE-2016-1405
08 Jun 2016 — libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503. libclamav en ClamAV (también conocida como Clam AntiVirus), tal como se utiliza en Advanced Malware Protection (AMP) en dispositivos Cis... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160531-wsa-esa • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •