Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-10-28 | CVE-2016-6358 | Improper Input Validation vulnerability in Cisco Email Security Appliance A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application unexpectedly quits. | 7.5 |
2016-10-28 | CVE-2016-6357 | 7PK - Errors vulnerability in Cisco Email Security Appliance 9.7.1066/9.9.6026 A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. | 7.5 |
2016-10-28 | CVE-2016-6356 | Improper Input Validation vulnerability in Cisco Email Security Appliance A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. | 7.5 |
2016-10-28 | CVE-2016-1486 | Data Processing Errors vulnerability in Cisco Email Security Appliance A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. | 7.5 |
2016-10-28 | CVE-2016-1481 | Improper Input Validation vulnerability in Cisco Email Security Appliance A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter that contains certain rules. | 7.5 |
2016-10-28 | CVE-2016-1480 | 7PK - Errors vulnerability in Cisco Email Security Appliance A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. | 7.5 |
2016-10-27 | CVE-2016-6446 | Information Exposure vulnerability in Cisco Meeting Server A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. | 7.5 |
2016-10-27 | CVE-2016-6444 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Meeting Server A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user. | 8.8 |
2016-10-27 | CVE-2016-6443 | SQL Injection vulnerability in Cisco products A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. | 8.8 |
2016-10-27 | CVE-2016-6442 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Finesse 11.0(1)Base A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. | 8.8 |