Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Email_security_appliance
(Cisco)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 47 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-06-20 | CVE-2019-1905 | A vulnerability in the GZIP decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper validation of GZIP-formatted files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted GZIP-compressed file. A successful exploit could allow the attacker to bypass configured content filters that would... | Email_security_appliance | 5.8 | ||
2019-05-03 | CVE-2019-1844 | A vulnerability in certain attachment detection mechanisms of the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected device. The vulnerability is due to improper detection of certain content sent to an affected device. An attacker could exploit this vulnerability by sending certain file types without Content-Disposition information to an affected device. A successful exploit could allow an attacker to send... | Email_security_appliance | 5.3 | ||
2019-04-18 | CVE-2019-1831 | A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker could exploit this vulnerability by inserting specific character strings in the message. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email. | Email_security_appliance | 5.3 | ||
2017-08-17 | CVE-2017-6783 | A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user. The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker... | Content_security_management_appliance, Email_security_appliance, Web_security_appliance | 4.3 | ||
2017-06-13 | CVE-2017-6661 | A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. More Information: CSCvd30805 CSCvd34861. Known Affected Releases: 10.0.0-203 10.1.0-049. | Content_security_management_appliance, Email_security_appliance | 6.1 | ||
2017-01-26 | CVE-2017-3800 | A vulnerability in the content scanning engine of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured message or content filters on the device. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to... | Email_security_appliance | 5.8 | ||
2016-12-13 | CVE-2016-9202 | A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. More Information: CSCvb37346. Known Affected Releases: 9.1.1-036 9.7.1-066. | Email_security_appliance | 6.1 | ||
2016-12-13 | CVE-2016-6465 | A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances and Cisco Web Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of the following Cisco products: Cisco Email Security Appliances (ESAs)... | Email_security_appliance | 4.3 | ||
2016-10-05 | CVE-2016-6416 | The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065. | Content_security_management_appliance, Email_security_appliance, Web_security_appliance | 5.9 | ||
2016-10-28 | CVE-2016-6372 | A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed. Affected Products: This vulnerability affects all releases prior to the first fixed... | Email_security_appliance, Web_security_appliance, Web_security_appliance_8\.0\.5 | 7.5 |