Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Asyncos
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 36 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-07-04 | CVE-2019-1884 | A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation mechanisms for certain fields in HTTP/HTTPS requests sent through an affected device. A successful attacker could exploit this vulnerability by sending a malicious HTTP/HTTPS request through an affected device.... | Asyncos, Web_security_appliance | 6.5 | ||
| 2016-06-22 | CVE-2016-1438 | Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210. | Asyncos | 7.5 | ||
| 2015-02-07 | CVE-2015-0605 | The uuencode inspection engine in Cisco AsyncOS on Cisco Email Security Appliance (ESA) devices 8.5 and earlier allows remote attackers to bypass intended content restrictions via a crafted e-mail attachment with uuencode encoding, aka Bug ID CSCzv54343. | Asyncos | N/A | ||
| 2015-01-14 | CVE-2015-0577 | Multiple cross-site scripting (XSS) vulnerabilities in the IronPort Spam Quarantine (ISQ) page in Cisco AsyncOS, as used on the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA), allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCus22925 and CSCup08113. | Asyncos | N/A | ||
| 2014-10-18 | CVE-2014-3381 | The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the Cisco Email Security Appliance (ESA) does not properly analyze ZIP archives, which allows remote attackers to bypass malware filtering via a crafted archive, aka Bug ID CSCup07934. | Asyncos | N/A | ||
| 2014-05-20 | CVE-2014-2195 | Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085. | Asyncos, Content_security_management_appliance, Email_security_appliance_firmware | N/A |