CVE-2015-4288
https://notcve.org/view.php?id=CVE-2015-4288
The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470. Vulnerabilidad en la implementación LDAP en Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042 y Content Security Management Appliance (SMA) 8.3.6-048, no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener información sensible a través de un certificado manipulado, también conocido como Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470. • http://tools.cisco.com/security/center/viewAlert.x?alertId=40137 • CWE-310: Cryptographic Issues •
CVE-2015-4236
https://notcve.org/view.php?id=CVE-2015-4236
Cisco AsyncOS on Email Security Appliance (ESA) devices with software 8.5.6-073, 8.5.6-074, and 9.0.0-461, when clustering is enabled, allows remote attackers to cause a denial of service (clustering and SSH outage) via a packet flood, aka Bug IDs CSCur13704 and CSCuq05636. Cisco AsyncOS en dispositivos ESA (Email Security Appliance) con software 8.5.6-073, 8.5.6-074 y 9.0.0-461, cuando clustering está habilitado, permite a los atacantes remotos provocar una denegación de servicio mediante inundación, también conocido como Bug ID de CSCur13704 y CSCuq05636. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39785 http://www.securityfocus.com/bid/75703 http://www.securitytracker.com/id/1032855 • CWE-399: Resource Management Errors •
CVE-2015-4184
https://notcve.org/view.php?id=CVE-2015-4184
The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to bypass intended e-mail restrictions via a malformed DNS SPF record, aka Bug IDs CSCuu35853 and CSCuu37733. El escáner anti-spam en los dispositivos Cisco Email Security Appliance (ESA) 3.3.1-09, 7.5.1-gpl-022, y 8.5.6-074 permite a atacantes remotos evadir les restricciones de email a través de un registro DNS SPF malformado, también conocido como Bug IDs CSCuu35853 y CSCuu37733. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39339 http://www.securityfocus.com/bid/75181 http://www.securitytracker.com/id/1032582 • CWE-20: Improper Input Validation •
CVE-2014-2879 – Dell SonicWALL EMail Security Appliance Application 7.4.5 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-2879
Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page. Múltiples vulnerabilidades de XSS en Dell SonicWALL Email Security 7.4.5 y anteriores permiten a administradores remotos autenticados inyectar script Web o HTML arbitrarios a través del parámetro (1) uploadPatch hacia la página System/Advanced (settings_advanced.html) o (2) uploadLicenses en la página License management (settings_upload_dlicense.html). • https://www.exploit-db.com/exploits/32556 http://seclists.org/fulldisclosure/2014/Mar/409 http://www.securityfocus.com/archive/1/531642/100/0/threaded http://www.securityfocus.com/bid/66501 http://www.securitytracker.com/id/1029965 http://www.sonicwall.com/us/shared/download/Support-Bulletin_Email-Security_Scripting_Vulnerability__Resolved_in__ES746.pdf http://www.vulnerability-lab.com/get_content.php?id=1191 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •