Vulnerabilities > Cisco > Asyncos
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-08-01 | CVE-2016-1461 | Improper Input Validation vulnerability in Cisco Asyncos Cisco AsyncOS on Email Security Appliance (ESA) devices through 9.7.0-125 allows remote attackers to bypass malware detection via a crafted attachment in an e-mail message, aka Bug ID CSCuz14932. | 5.0 |
2016-06-23 | CVE-2016-1438 | Improper Input Validation vulnerability in Cisco Asyncos 9.7.0125 Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210. | 5.0 |
2015-02-07 | CVE-2015-0605 | Permissions, Privileges, and Access Controls vulnerability in Cisco Asyncos The uuencode inspection engine in Cisco AsyncOS on Cisco Email Security Appliance (ESA) devices 8.5 and earlier allows remote attackers to bypass intended content restrictions via a crafted e-mail attachment with uuencode encoding, aka Bug ID CSCzv54343. | 4.3 |
2015-01-14 | CVE-2015-0577 | Cross-site Scripting vulnerability in Cisco Asyncos Multiple cross-site scripting (XSS) vulnerabilities in the IronPort Spam Quarantine (ISQ) page in Cisco AsyncOS, as used on the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA), allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCus22925 and CSCup08113. | 4.3 |
2014-10-19 | CVE-2014-3381 | Permissions, Privileges, and Access Controls vulnerability in Cisco Asyncos The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the Cisco Email Security Appliance (ESA) does not properly analyze ZIP archives, which allows remote attackers to bypass malware filtering via a crafted archive, aka Bug ID CSCup07934. | 5.0 |
2014-05-20 | CVE-2014-2195 | Improper Input Validation vulnerability in Cisco products Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085. | 4.3 |