Vulnerabilities > Cisco > Email Security Appliance > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-12-14 | CVE-2016-9202 | Cross-site Scripting vulnerability in Cisco Email Security Appliance A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. | 4.3 |
2016-12-14 | CVE-2016-6465 | Improper Input Validation vulnerability in Cisco Email Security Appliance A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances and Cisco Web Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device. | 4.3 |
2016-12-14 | CVE-2016-1411 | Cryptographic Issues vulnerability in Cisco products A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. | 4.3 |
2016-10-28 | CVE-2016-6372 | Improper Input Validation vulnerability in Cisco products A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. | 5.0 |
2016-10-28 | CVE-2016-6360 | Improper Input Validation vulnerability in Cisco Email Security Appliance and web Security Appliance A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the AMP process unexpectedly restarting. | 5.0 |
2016-10-28 | CVE-2016-6358 | Improper Input Validation vulnerability in Cisco Email Security Appliance A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application unexpectedly quits. | 5.0 |
2016-10-28 | CVE-2016-6357 | 7PK - Errors vulnerability in Cisco Email Security Appliance 9.7.1066/9.9.6026 A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. | 5.0 |
2016-10-28 | CVE-2016-1480 | 7PK - Errors vulnerability in Cisco Email Security Appliance A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. | 5.0 |
2016-10-28 | CVE-2016-1423 | Cross-site Scripting vulnerability in Cisco Email Security Appliance A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. | 4.3 |
2016-10-05 | CVE-2016-6416 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065. | 4.3 |