Filtered by vendor Cisco
Subscribe
Total
6480 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4278 | 1 Cisco | 1 Email Security Appliance Firmware | 2018-10-30 | 4.3 MEDIUM | N/A |
| Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC policy data in DNS TXT records for a domain, aka Bug ID CSCuv14806. | |||||
| CVE-2014-3289 | 1 Cisco | 4 Content Security Management Appliance, Email Security Appliance Firmware, Ironport Asyncos and 1 more | 2018-10-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, as demonstrated by the date_range parameter to monitor/reports/overview on the IronPort ESA, aka Bug IDs CSCun07998, CSCun07844, and CSCun07888. | |||||
| CVE-2013-3385 | 1 Cisco | 4 Content Security Management, Email Security Appliance Firmware, Ironport Asyncos and 1 more | 2018-10-30 | 7.8 HIGH | N/A |
| The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (system hang) via a series of (1) HTTP or (2) HTTPS requests to a management interface, aka Bug IDs CSCzv58669, CSCzv63329, and CSCzv78669. | |||||
| CVE-2016-1438 | 1 Cisco | 2 Asyncos, Email Security Appliance Firmware | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210. | |||||
| CVE-2013-3386 | 1 Cisco | 3 Content Security Management, Email Security Appliance Firmware, Ironport Asyncos | 2018-10-30 | 7.8 HIGH | N/A |
| The IronPort Spam Quarantine (ISQ) component in the web framework in IronPort AsyncOS on Cisco Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019 and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (service crash or hang) via a high rate of TCP connection attempts, aka Bug IDs CSCzv25573 and CSCzv81712. | |||||
| CVE-2013-2139 | 3 Cisco, Fedoraproject, Opensuse | 3 Libsrtp, Fedora, Opensuse | 2018-10-30 | 2.6 LOW | N/A |
| Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions. | |||||
| CVE-2015-0732 | 1 Cisco | 3 Content Security Management Virtual Appliance, Email Security Appliance Firmware, Web Security Appliance | 2018-10-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuu37430, CSCuu37420, CSCut71981, and CSCuv50167. | |||||
| CVE-2013-3384 | 1 Cisco | 4 Content Security Management, Email Security Appliance Firmware, Ironport Asyncos and 1 more | 2018-10-30 | 9.0 HIGH | N/A |
| The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.2.2-110, 7.7 before 7.7.0-213, and 7.8 and 7.9 before 7.9.1-102 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL, aka Bug IDs CSCzv85726, CSCzv44633, and CSCzv24579. | |||||
| CVE-2015-0624 | 1 Cisco | 3 Content Security Management Appliance, Email Security Appliance Firmware, Web Security Appliance | 2018-10-30 | 4.3 MEDIUM | N/A |
| The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639. | |||||
| CVE-2015-6355 | 1 Cisco | 1 Unified Computing System | 2018-10-30 | 5.0 MEDIUM | N/A |
| The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on blade servers allows remote attackers to obtain potentially sensitive version information by visiting an unspecified URL, aka Bug ID CSCuw87226. | |||||
| CVE-2013-5537 | 1 Cisco | 3 Content Security Management Appliance, Email Security Appliance Firmware, Web Security Appliance | 2018-10-30 | 7.8 HIGH | N/A |
| The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS sessions, which allows remote attackers to cause a denial of service (management GUI outage) via multiple TCP connections, aka Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635. | |||||
| CVE-2015-4236 | 1 Cisco | 2 Email Security Appliance, Email Security Appliance Firmware | 2018-10-30 | 4.3 MEDIUM | N/A |
| Cisco AsyncOS on Email Security Appliance (ESA) devices with software 8.5.6-073, 8.5.6-074, and 9.0.0-461, when clustering is enabled, allows remote attackers to cause a denial of service (clustering and SSH outage) via a packet flood, aka Bug IDs CSCur13704 and CSCuq05636. | |||||
| CVE-2016-1288 | 1 Cisco | 1 Web Security Appliance | 2018-10-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x before 9.0.0-485 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (service outage) by leveraging certain intranet connectivity and sending a malformed HTTPS request, aka Bug ID CSCuu24840. | |||||
| CVE-2015-0734 | 1 Cisco | 1 Email Security Appliance Firmware | 2018-10-30 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Email Security Appliance (ESA) 8.5.6-106 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCut87743. | |||||
| CVE-2015-6309 | 1 Cisco | 2 Email Security Appliance, Email Security Appliance Firmware | 2018-10-30 | 6.8 MEDIUM | N/A |
| Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows remote authenticated users to cause a denial of service (file-descriptor consumption and device reload) via crafted HTTP requests, aka Bug ID CSCuw32211. | |||||
| CVE-2014-2195 | 1 Cisco | 3 Asyncos, Content Security Management Appliance, Email Security Appliance Firmware | 2018-10-30 | 4.3 MEDIUM | N/A |
| Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085. | |||||
| CVE-2006-1670 | 1 Cisco | 5 Ons 15310-cl Series, Ons 15454 Mspp, Ons 15454 Mstp and 2 more | 2018-10-30 | 7.8 HIGH | N/A |
| Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (memory exhaustion and possibly card reset) by sending an invalid response when the final ACK is expected, aka bug ID CSCei45910. | |||||
| CVE-2002-1103 | 1 Cisco | 2 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client | 2018-10-30 | 5.0 MEDIUM | N/A |
| Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, allows remote attackers to cause a denial of service via (1) malformed or (2) large ISAKMP packets. | |||||
| CVE-2006-4313 | 1 Cisco | 1 Vpn 3000 Concentrator Series Software | 2018-10-30 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors. | |||||
| CVE-2002-1597 | 1 Cisco | 1 Sn 5420 Storage Router Firmware | 2018-10-30 | 5.0 MEDIUM | N/A |
| Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service (halt) via a fragmented packet to the Gigabit interface. | |||||