CVSS: 7.8EPSS: 1%CPEs: 40EXPL: 0CVE-2015-6321
https://notcve.org/view.php?id=CVE-2015-6321
06 Nov 2015 — Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security Appliance (ESA) devices; before 9.1.0-032, 9.1.1 before 9.1.1-005, and 9.5.x before 9.5.0-025 on Content Security Management Appliance (SMA) devices; and before 7.7.0-725 and 8.x before 8.0.8-113 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug IDs CSCus79774, CSCus79777, and C... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-aos • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6309
https://notcve.org/view.php?id=CVE-2015-6309
02 Oct 2015 — Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows remote authenticated users to cause a denial of service (file-descriptor consumption and device reload) via crafted HTTP requests, aka Bug ID CSCuw32211. Cisco Email Security Appliance (ESA) 8.5.6-106 y 9.6.0-042 permite a usuarios remotos autenticados provocar una denegación de servicio (consumo de descriptor de fichero y renicio del dispositivo) a través de una petición HTTP manipulada, también conocido como Bug ID CSCuw32211. • http://tools.cisco.com/security/center/viewAlert.x?alertId=41241 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6285
https://notcve.org/view.php?id=CVE-2015-6285
14 Sep 2015 — Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497. Vulnerabilidad de formato de cadena en Cisco Email Security Appliance (ESA) 7.6.0 y 8.0.0, permite a atacantes remotos causar una denegación de servicio (sobreescritura de memoria e interrupción del proceso) a través de especificadores de formato de cadena en una pe... • http://tools.cisco.com/security/center/viewAlert.x?alertId=40844 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4288
https://notcve.org/view.php?id=CVE-2015-4288
29 Jul 2015 — The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470. Vulnerabilidad en la implementación LDAP en Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Applian... • http://tools.cisco.com/security/center/viewAlert.x?alertId=40137 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2015-4236
https://notcve.org/view.php?id=CVE-2015-4236
10 Jul 2015 — Cisco AsyncOS on Email Security Appliance (ESA) devices with software 8.5.6-073, 8.5.6-074, and 9.0.0-461, when clustering is enabled, allows remote attackers to cause a denial of service (clustering and SSH outage) via a packet flood, aka Bug IDs CSCur13704 and CSCuq05636. Cisco AsyncOS en dispositivos ESA (Email Security Appliance) con software 8.5.6-073, 8.5.6-074 y 9.0.0-461, cuando clustering está habilitado, permite a los atacantes remotos provocar una denegación de servicio mediante inundación, tambi... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39785 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4184
https://notcve.org/view.php?id=CVE-2015-4184
13 Jun 2015 — The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to bypass intended e-mail restrictions via a malformed DNS SPF record, aka Bug IDs CSCuu35853 and CSCuu37733. El escáner anti-spam en los dispositivos Cisco Email Security Appliance (ESA) 3.3.1-09, 7.5.1-gpl-022, y 8.5.6-074 permite a atacantes remotos evadir les restricciones de email a través de un registro DNS SPF malformado, también conocido como Bug IDs CSCuu35853 y CSCuu... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39339 • CWE-20: Improper Input Validation •
CVSS: 4.8EPSS: 13%CPEs: 1EXPL: 3CVE-2014-2879 – Dell SonicWALL EMail Security Appliance Application 7.4.5 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-2879
17 Apr 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page. Múltiples vulnerabilidades de XSS en Dell SonicWALL Email Security 7.4.5 y anteriores permiten a administradores remotos autenticados inyecta... • https://www.exploit-db.com/exploits/32556 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •