CVE-2016-6357
https://notcve.org/view.php?id=CVE-2016-6357
A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More Information: CSCuz01651. Known Affected Releases: 10.0.9-015 9.7.1-066 9.9.6-026. Una vulnerabilidad en las políticas de seguridad configuradas, incluida la caída del filtrado de email, en Cisco AsyncOS para Cisco Email Security Appliance (ESA) podría permitir a un atacante remoto no autenticado eludir una caída de filtrado configurada utilizando un email con un adjunto corrupto. Más información: CSCuz01651. • http://www.securityfocus.com/bid/93909 http://www.securitytracker.com/id/1037114 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5 • CWE-388: 7PK - Errors •
CVE-2016-6358
https://notcve.org/view.php?id=CVE-2016-6358
A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application unexpectedly quits. More Information: CSCux68539. Known Affected Releases: 9.1.0-032 9.7.1-000. Known Fixed Releases: 9.1.1-038. Una vulnerabilidad en FTP local a Cisco Email Security Appliance (ESA) podría permitir a un atacante remoto no autenticado provocar una condición de denegación de servicio (DoS) parcial cuando la aplicación FTP se cierra inesperadamente. • http://www.securityfocus.com/bid/93905 http://www.securitytracker.com/id/1037115 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa6 • CWE-20: Improper Input Validation •
CVE-2016-1481
https://notcve.org/view.php?id=CVE-2016-1481
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter that contains certain rules. More Information: CSCux59873. Known Affected Releases: 8.5.6-106 9.1.0-032 9.7.0-125. Known Fixed Releases: 9.1.1-038 9.7.1-066. Una vulnerabilidad en la característica de filtrado de mensajes email de Cisco AsyncOS Software para Cisco Email Security Appliances podría permitir a un atacante remoto no autenticado provocar una condición de denegación de servicio (DoS) en el dispositivo afectado. • http://www.securityfocus.com/bid/93908 http://www.securitytracker.com/id/1037123 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa1 • CWE-20: Improper Input Validation •
CVE-2016-6416
https://notcve.org/view.php?id=CVE-2016-6416
The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065. El servicio FTP en Cisco AsyncOS en dispositivos Email Security Appliance (ESA) 9.6.0-000 hasta la versión 9.9.6-026, dispositivos Web Security Appliance (WSA) 9.0.0-162 hasta la versión 9.5.0-444 y dispositivos Content Security Management Appliance (SMA) permite a atacantes remotos provocar una denegación de servicio a través de inundación de tráfico FTP, vulnerabilidad también conocida como Bug IDs CSCuz82907, CSCuz84330 y CSCuz86065. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aos http://www.securityfocus.com/bid/93198 http://www.securitytracker.com/id/1036915 http://www.securitytracker.com/id/1036916 http://www.securitytracker.com/id/1036917 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-1405
https://notcve.org/view.php?id=CVE-2016-1405
libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503. libclamav en ClamAV (también conocida como Clam AntiVirus), tal como se utiliza en Advanced Malware Protection (AMP) en dispositivos Cisco Email Security Appliance (ESA) en versiones anteriores a 9.7.0-125 y dispositivos Web Security Appliance (WSA) en versiones anteriores a 9.0.1-135 y 9.1.x en versiones anteriores a 9.1.1-041, permite a atacantes remotos provocar una denegación de servicio (reinicio del proceso AMP) a través de un documento manipulado, también conocido como Bug IDs CSCuv78533 y CSCuw60503. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160531-wsa-esa http://www.securityfocus.com/bid/90968 http://www.securitytracker.com/id/1035993 http://www.securitytracker.com/id/1035994 http://www.ubuntu.com/usn/USN-3093-1 https://github.com/vrtadmin/clamav-devel/blob/master/ChangeLog • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •