CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4288
https://notcve.org/view.php?id=CVE-2015-4288
29 Jul 2015 — The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470. Vulnerabilidad en la implementación LDAP en Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Applian... • http://tools.cisco.com/security/center/viewAlert.x?alertId=40137 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-4278
https://notcve.org/view.php?id=CVE-2015-4278
16 Jul 2015 — Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC policy data in DNS TXT records for a domain, aka Bug ID CSCuv14806. Los dispositivos Cisco Email Security Appliance (ESA) con software 8.5.6-106 y 9.5.0-201 permiten a atacantes remotos provocar una denegación de servicio (corte de recepción del e-mail por dominio) insertando datos de política DMARC manipulados ... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39940 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4236
https://notcve.org/view.php?id=CVE-2015-4236
10 Jul 2015 — Cisco AsyncOS on Email Security Appliance (ESA) devices with software 8.5.6-073, 8.5.6-074, and 9.0.0-461, when clustering is enabled, allows remote attackers to cause a denial of service (clustering and SSH outage) via a packet flood, aka Bug IDs CSCur13704 and CSCuq05636. Cisco AsyncOS en dispositivos ESA (Email Security Appliance) con software 8.5.6-073, 8.5.6-074 y 9.0.0-461, cuando clustering está habilitado, permite a los atacantes remotos provocar una denegación de servicio mediante inundación, tambi... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39785 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2015-4216
https://notcve.org/view.php?id=CVE-2015-4216
26 Jun 2015 — The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH root authorized key across different customers' installations, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of a private key from another installation, aka Bug IDs CSCuu95988, CSCuu95994, and CSCuu96630. La característica de soporte remoto en los d... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150625-ironport • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2015-4217
https://notcve.org/view.php?id=CVE-2015-4217
26 Jun 2015 — The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH host keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a private key from another installation, aka Bug IDs CSCus29681, CSCuu95676, and CSCuu96601. La característica de soporte remo... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150625-ironport • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4184
https://notcve.org/view.php?id=CVE-2015-4184
13 Jun 2015 — The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to bypass intended e-mail restrictions via a malformed DNS SPF record, aka Bug IDs CSCuu35853 and CSCuu37733. El escáner anti-spam en los dispositivos Cisco Email Security Appliance (ESA) 3.3.1-09, 7.5.1-gpl-022, y 8.5.6-074 permite a atacantes remotos evadir les restricciones de email a través de un registro DNS SPF malformado, también conocido como Bug IDs CSCuu35853 y CSCuu... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39339 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0734
https://notcve.org/view.php?id=CVE-2015-0734
15 May 2015 — Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Email Security Appliance (ESA) 8.5.6-106 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCut87743. Múltiples vulnerabilidades cross-site scripting (XSS) en el Cisco Email Security Appliance (ESA) 8.5.6-106 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de parámetros no especificados en solicitudes (1) GET o (2) POST, también... • http://tools.cisco.com/security/center/viewAlert.x?alertId=38866 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2CVE-2015-0624 – Cisco Ironport AsyncOS HTTP Header Injection
https://notcve.org/view.php?id=CVE-2015-0624
21 Feb 2015 — The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639. El Framework web en los dispositivos Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), y Web Security Appliance (WSA) permite a atacantes remotos provoc... • https://packetstorm.news/files/id/130525 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0605
https://notcve.org/view.php?id=CVE-2015-0605
07 Feb 2015 — The uuencode inspection engine in Cisco AsyncOS on Cisco Email Security Appliance (ESA) devices 8.5 and earlier allows remote attackers to bypass intended content restrictions via a crafted e-mail attachment with uuencode encoding, aka Bug ID CSCzv54343. El motor de inspección uuencode en Cisco AsyncOS en los dispositivos Cisco Email Security Appliance (ESA) 8.5 y anteriores permite a atacantes remotos evadir las restricciones de contenido a través de un adjunto de email manipulado con cifrado uuencode, tam... • http://secunia.com/advisories/62829 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2014-3289
https://notcve.org/view.php?id=CVE-2014-3289
10 Jun 2014 — Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, as demonstrated by the date_range parameter to monitor/reports/overview on the IronPort ESA, aka Bug IDs CSCun07998, CSCun07844, and CSCun07888. Vulnerabilidad de X... • http://packetstormsecurity.com/files/127004/Cisco-Ironport-Email-Security-Virtual-Appliance-8.0.0-671-XSS.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •