CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

736 matches found

CVE•added 2020/03/04 6:35 p.m.•85 views

CVE-2020-3181

CVE-2020-3181 : Cisco AsyncOS for Cisco Email Security Appliances (ESA) contains an uncontrolled resource-exhaustion vulnerability in the malware detection/AMP path due to insufficient control over memory allocation. An unauthenticated remote attacker can send a crafted email to exhaust device re...

6.5CVSS6.4AI score0.01525EPSS

Exploits0References1Affected Software1

Cvelist•added 2020/03/04 6:35 p.m.•16 views

CVE-2020-3181 Cisco Email Security Appliance Uncontrolled Resource Exhaustion Vulnerability

A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection AMP in Cisco AsyncOS Software for Cisco Email Security Appliances ESAs could allow an unauthenticated remote attacker to exhaust resources on an affected device. The vulnerability is due to insufficient...

6.5CVSS6.4AI score0.01525EPSS

Exploits0References1

Prion•added 2020/02/19 8:15 p.m.•22 views

Design/Logic Flaw

A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause a temporary denial of service DoS condition on an affected device. The vulnerability is due to inadequate parsing...

7.1CVSS5.8AI score0.01471EPSS

Exploits0References1Affected Software2

Cvelist•added 2020/02/19 7:16 p.m.•15 views

CVE-2020-3132 Cisco Email Security Appliance Shortened URL Denial of Service Vulnerability

6.8CVSS5.9AI score0.01471EPSS

Exploits0References1

CVE•added 2020/02/19 7:16 p.m.•80 views

CVE-2020-3132

Cisco AsyncOS for Cisco Email Security Appliance (ESA) is affected by CVE-2020-3132, a Denial of Service vulnerability in the email message scanning component caused by inadequate parsing of specific email body components. An unauthenticated, remote attacker can trigger a temporary DoS by sending...

7.1CVSS6.2AI score0.01471EPSS

Exploits0References1Affected Software2

Cisco•added 2020/02/19 4:0 p.m.•30 views

Cisco Email Security Appliance Shortened URL Denial of Service Vulnerability

6.8CVSS1.8AI score0.01471EPSS

Exploits0References1

BDU FSTEC•added 2020/02/17 12:0 a.m.•2 views

The vulnerability of the software’s zip-file decompression mechanism in Cisco AsyncOS affects Cisco Email Security Appliance security systems. This vulnerability allows a hacker to trigger a service failure.

The vulnerability of the software’s zip-file decompression mechanism for Cisco Email Security Appliance systems exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

6.5CVSS6.5AI score0.01087EPSS

Exploits0References3Affected Software1

OSV•added 2020/01/26 5:15 a.m.•2 views

CVE-2020-3134

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper validation of zip files. An...

6.5CVSS6.7AI score0.01087EPSS

Exploits0References1

NVD•added 2020/01/26 5:15 a.m.•13 views

CVE-2020-3134

6.5CVSS6.5AI score0.01087EPSS

Exploits0References1

Vulnrichment•added 2020/01/26 4:31 a.m.•9 views

CVE-2020-3134 Cisco Email Security Appliance Zip Decompression Engine Denial of Service Vulnerability

6.5CVSS7.1AI score0.01087EPSS

Exploits0References1

Cvelist•added 2020/01/26 4:31 a.m.•12 views

CVE-2020-3134 Cisco Email Security Appliance Zip Decompression Engine Denial of Service Vulnerability

6.5CVSS6.5AI score0.01087EPSS

Exploits0References1

Cisco•added 2020/01/22 4:0 p.m.•16 views

Cisco Email Security Appliance Content Filter Bypass Vulnerability

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper validation of incoming emails. An attacker could exploit...

5.8CVSS1.7AI score0.01362EPSS

Exploits0References1

Prion•added 2020/01/15 1:15 p.m.•15 views

Code injection

Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has a SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks...

3.2CVSS7AI score0.00264EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2020/01/15 12:49 p.m.•2 views

CVE-2012-0334

Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has a SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks...

6.5AI score0.00264EPSS

Exploits0References2

BDU FSTEC•added 2019/12/09 12:0 a.m.•2 views

The vulnerability of the Cisco AsyncOS operating system proxy server of Cisco Web Security Appliance allows a perpetrator to trigger a service failure or gain unauthorized access to protected information.

The vulnerability of the Cisco AsyncOS operating system’s web server interfaces, such as Cisco Web Security Appliance, is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to cause service interruptions or gain unauthorized access to protected...

9CVSS7.6AI score0.00981EPSS

Exploits0References3Affected Software1

Prion•added 2019/11/26 4:15 a.m.•15 views

Input validation

A vulnerability in the MP3 detection engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper validation of certain MP3 file types. An attacker...

4.3CVSS4.7AI score0.00452EPSS

Exploits0References1Affected Software1

Prion•added 2019/11/26 4:15 a.m.•15 views

Input validation

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An...

5CVSS5.3AI score0.01011EPSS

Exploits0References1Affected Software1

CVE•added 2019/11/26 3:42 a.m.•89 views

CVE-2019-15971

CVE-2019-15971 affects Cisco AsyncOS on Cisco Email Security Appliance (ESA): the MP3 detection engine fails to validate certain MP3 file types, enabling an unauthenticated, remote attacker to bypass configured content filters by sending a crafted MP3 through the device. The reported impact is by...

5.8CVSS4.7AI score0.00452EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2019/11/26 3:42 a.m.•6 views

CVE-2019-15971 Cisco Email Security Appliance MP3 Content Filter Bypass Vulnerability

5.8CVSS7.2AI score0.00452EPSS

Exploits0References1

CVE•added 2019/11/26 3:42 a.m.•106 views

CVE-2019-15988

CVE-2019-15988 affects Cisco Email Security Appliance (ESA) running Cisco AsyncOS Software. A vulnerability in input validation of URLs could allow an unauthenticated, remote attacker to bypass the device’s URL reputation filters, enabling malicious URLs to pass through. Root cause: insufficient ...

5.8CVSS5.3AI score0.01011EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by