Page 68 of 359 results (0.018 seconds)

CVSS: 7.1EPSS: 2%CPEs: 2EXPL: 0

Memory leak in the crypto functionality in Cisco Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a clientless SSL VPN endpoint, allows remote attackers to cause a denial of service (memory consumption and VPN hang) via a crafted SSL or HTTP packet, aka Bug ID CSCso66472. Fugas de memoria en la funcionalidad crypto en Cisco Adaptive Security Appliance (ASA) 5500 devices 7.2 versiones anteriores a 7.2(4)2, 8.0 versiones anteriores a 8.0(3)14, y 8.1 versiones anteriores a 8.1(1)4, cuando está configurado como un SSL VPN endpoint sin cliente, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y cuelgue de VPN) a través de paquetes SSL o HTTP manipulados, también conocido como Bug ID CSCso66472. • http://secunia.com/advisories/31730 http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080903-asa http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml http://www.securityfocus.com/bid/30998 http://www.securitytracker.com/id?1020812 https://exchange.xforce.ibmcloud.com/vulnerabilities/44868 • CWE-399: Resource Management Errors •

CVSS: 7.1EPSS: 2%CPEs: 2EXPL: 0

The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0 before 8.0(3)15 and 8.1 before 8.1(1)5, when configured as a clientless SSL VPN endpoint, does not properly process URIs, which allows remote attackers to cause a denial of service (device reload) via a URI in a crafted SSL or HTTP packet, aka Bug ID CSCsq19369. Servidor HTTP en los dispositivos Cisco Adaptive Security Appliance (ASA) 5500 8.0 anterior a 8.0(3)15 y 8.1 anterior a 8.1(1)5, cuando se configura como SSL VPN endpoint sin clientes no procesa adecuadamente las URIs, lo que permite a atacantes remotos provocar una denegación de servicio (reinicio de dispositivo) a través de una URI en un paquete SSL o HTTP manipulado, también conocido como Bug ID CSCsq19369. • http://secunia.com/advisories/31730 http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080903-asa http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml http://www.securityfocus.com/bid/30998 http://www.securitytracker.com/id?1020812 https://exchange.xforce.ibmcloud.com/vulnerabilities/44869 • CWE-20: Improper Input Validation •

CVSS: 7.1EPSS: 2%CPEs: 6EXPL: 0

Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a client VPN endpoint, do not properly process IPSec client authentication, which allows remote attackers to cause a denial of service (device reload) via a crafted authentication attempt, aka Bug ID CSCso69942. Cisco PIX y dispositivos Adaptive Security Appliance 5500(ASA) 7.2 anteriores a 7.2(4)2, 8.0 anterior a 8.0(3)14, y 8.1 anterior a 8.1(1)4, cuando se encuentra configurado como un endpoint VPN, no procesa adecuadamente la autenticación cliente, lo que permite a atacantes remotos provocar una denegación de servicio (reinicio de dispositivo) a través de un intento de autenticación manipulado, también conocido como Bug ID CSCso69942. • http://secunia.com/advisories/31730 http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080903-asa http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml http://www.securityfocus.com/bid/30998 http://www.securitytracker.com/id?1020810 http://www.securitytracker.com/id?1020811 https://exchange.xforce.ibmcloud.com/vulnerabilities/44867 •

CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0

Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0(3)15, 8.0(3)16, 8.1(1)4, and 8.1(1)5, when configured as a clientless SSL VPN endpoint, allows remote attackers to obtain usernames and passwords via unknown vectors, aka Bug ID CSCsq45636. Vulnerabilidad no especificada en Cisco Adaptive Security Appliance (ASA) 5500 dispositivos 8.0(3)15, 8.0(3)16, 8.1(1)4, y 8.1(1)5, cuando se configuran como punto final sin cliente SSL VPN; permite a atacantes remotos obtener nombres de usuario y contraseñas a través de vectores desconocidos. También se conoce como Bug ID CSCsq45636. • http://secunia.com/advisories/31730 http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080903-asa http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml http://www.securityfocus.com/bid/30998 http://www.securitytracker.com/id?1020813 https://exchange.xforce.ibmcloud.com/vulnerabilities/44870 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 2%CPEs: 6EXPL: 0

Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.1.x before 7.1(2)70, 7.2.x before 7.2(4), and 8.0.x before 8.0(3)10 allows remote attackers to cause a denial of service via a crafted TCP ACK packet to the device interface. Adaptive Security Appliance (ASA) de Cisco y PIX security appliance de Cisco versión 7.1.x anterior a 7.1(2)70, versión 7.2.x anterior a 7.2 (4) y versión 8.0.x anterior a 8.0(3)10, permite a los atacantes remotos causar una denegación de servicio por medio de un paquete TCP ACK creado para la interfaz del dispositivo. • http://secunia.com/advisories/30552 http://www.cisco.com/en/US/products/products_security_advisory09186a00809a8354.shtml http://www.securitytracker.com/id?1020176 http://www.securitytracker.com/id?1020177 http://www.vupen.com/english/advisories/2008/1750/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42835 • CWE-20: Improper Input Validation •