CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6386
https://notcve.org/view.php?id=CVE-2015-6386
01 Dec 2015 — The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8.0.7-142 and 8.5.1-021 allows remote attackers to cause a denial of service (CPU consumption) via FTP sessions in which the control connection is ended after data transfer, aka Bug ID CSCut94150. La funcionalidad passthroug FTP en dispositivos Cisco Web Security Appliance (WSA) con software 8.0.7-142 y 8.5.1-021 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de sesiones FTP en ... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-wsa • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2015-6292
https://notcve.org/view.php?id=CVE-2015-6292
06 Nov 2015 — The proxy-cache implementation in Cisco AsyncOS 8.0.x before 8.0.7-151, 8.1.x and 8.5.x before 8.5.2-004, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via multiple proxy connections, aka Bug ID CSCus10922. La implementación proxy- caché en Cisco AsyncOS 8.0.x en versiones anteriores a 8.0.7-151, 8.1.x y 8.5.x en versiones anteriores a 8.5.2-004, 8.6.x y 8.7.x en versiones ante... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa1 • CWE-399: Resource Management Errors •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6298
https://notcve.org/view.php?id=CVE-2015-6298
06 Nov 2015 — The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments, aka Bug ID CSCus83445. La interfaz de administración web en Cisco AsyncOS 8.x en versiones anteriores a 8.0.8-113, 8.1.x y 8.5.x en versiones anteriores a 8.5.3-051, 8.6.x y 8.7.x en versiones anteriores a... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2015-6293
https://notcve.org/view.php?id=CVE-2015-6293
06 Nov 2015 — Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via multiple file-range requests, aka Bug ID CSCur39155. Cisco AsyncOS 8.x en versiones anteriores a 8.0.8-113, 8.1.x y 8.5.x en versiones anteriores a 8.5.3-051, 8.6.x y 8.7.x en versiones anteriores a 8.7.0-171-LD y 8.8.x en versiones anteriores a 8.8.0-085 en d... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa2 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 1%CPEs: 40EXPL: 0CVE-2015-6321
https://notcve.org/view.php?id=CVE-2015-6321
06 Nov 2015 — Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security Appliance (ESA) devices; before 9.1.0-032, 9.1.1 before 9.1.1-005, and 9.5.x before 9.5.0-025 on Content Security Management Appliance (SMA) devices; and before 7.7.0-725 and 8.x before 8.0.8-113 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug IDs CSCus79774, CSCus79777, and C... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-aos • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2015-0732
https://notcve.org/view.php?id=CVE-2015-0732
29 Jul 2015 — Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuu37430, CSCuu37420, CSCut71981, and CSCuv50167. Vulnerabilidad de XSS en Cisco AsyncOS en la Web Security Appliance (WSA) 9.0.0-193, en Email Security Appliance ... • http://tools.cisco.com/security/center/viewAlert.x?alertId=40172 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4288
https://notcve.org/view.php?id=CVE-2015-4288
29 Jul 2015 — The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470. Vulnerabilidad en la implementación LDAP en Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Applian... • http://tools.cisco.com/security/center/viewAlert.x?alertId=40137 • CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4198
https://notcve.org/view.php?id=CVE-2015-4198
20 Jun 2015 — Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified HTTP header, aka Bug ID CSCuu24409. Vulnerabilidad de XSS en el Framework web en los dispositivos Cisco Web Security Appliance (WSA) con software 8.5.0-497 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una cabecera HTTP no especificada, también cono... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39422 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0738
https://notcve.org/view.php?id=CVE-2015-0738
17 May 2015 — Cross-site scripting (XSS) vulnerability in the Web Tracking Report page on Cisco Web Security Appliance (WSA) devices 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCuu16008. Vulnerabilidad de XSS en la página Web Tracking Report en los dispositivos Cisco Web Security Appliance (WSA) 8.5.0-497 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de un campo no especificado, también conocido como Bug ID C... • http://tools.cisco.com/security/center/viewAlert.x?alertId=38884 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0693
https://notcve.org/view.php?id=CVE-2015-0693
15 Apr 2015 — Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via a crafted pickle file, aka Bug ID CSCut39259. Dispositivos Cisco Web Security Appliance (WSA) con software 8.5.0-ise-147 no restringe debidamente el uso del módulo pickle de Python durante algunas comprobaciones de tunnel-status, lo que permite a usuarios locales e... • http://tools.cisco.com/security/center/viewAlert.x?alertId=38306 • CWE-20: Improper Input Validation •