CVE-2016-1461

CVE-2016-1461 affects Cisco AsyncOS on Email Security Appliance (ESA) devices up to 9.7.0-125. The vulnerability stems from the file-type filtering feature: an attacker can craft an email attachment to bypass malware detection. Impact is bypass of malware detection, enabling potential malware del...

CVE-2016-1461

Cisco AsyncOS on Email Security Appliance ESA devices through 9.7.0-125 allows remote attackers to bypass malware detection via a crafted attachment in an e-mail message, aka Bug ID CSCuz14932...

The vulnerability of the Cisco IronPort Email Security Appliance allows a malicious individual to execute arbitrary code.

The vulnerability in the SLBL service a check for reliable/locked users in Cisco AsyncOS, used by Email Security Appliances and Content Security Management Appliances, allows remote users who have passed authentication to execute arbitrary code with superuser privileges, by downloading a modified...

CVE-2016-1438

Cisco AsyncOS 9.7.0-125 on Email Security Appliance ESA devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210...

CVE-2016-1438

Cisco AsyncOS 9.7.0-125 on Email Security Appliance ESA devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210...

Design/Logic Flaw

Cisco AsyncOS 9.7.0-125 on Email Security Appliance ESA devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210...

CVE-2016-1438

Cisco AsyncOS 9.7.0-125 on Email Security Appliance ESA devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210...

CVE-2016-1438

CVE-2016-1438 affects Cisco AsyncOS on Email Security Appliance (ESA) 9.7.0-125. It exploits improper handling of content in .zip files to bypass the anti-spam filtering, enabling remote attackers to bypass filtering via a crafted ZIP payload. Exploitation details in public sources align with a b...

Cisco WSA AMP ClamAV Denial of Service Vulnerability

A vulnerability in the Clam AntiVirus ClamAV software that is used by Cisco Advance Malware Protection AMP for Cisco Email Security Appliances ESAs and Cisco Web Security Appliances WSAs could allow an unauthenticated, remote attacker to cause the AMP process to restart. SPDX-FileCopyrightText:...

Cisco Web Security Appliance Multiple DoS Vulnerabilities

According to its self-reported version, the Cisco Web Security Appliance WSA running on the remote host is affected by the following vulnerabilities : - A denial of service vulnerability exists in Cisco AsyncOS due to improper validation of packets when parsing HTTP POST requests. An...

CVE-2016-1383

Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance WSA devices allows remote attackers to cause a denial of service memory consumption via an unspecified HTTP status code, aka Bug ID CSCur28305...

CVE-2016-1383

Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance WSA devices allows remote attackers to cause a denial of service memory consumption via an unspecified HTTP status code, aka Bug ID CSCur28305...

CVE-2016-1382

Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance WSA devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service proxy-process reload via a crafted request, aka Bug ID CSCuu02529...

CVE-2016-1382

Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance WSA devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service proxy-process reload via a crafted request, aka Bug ID CSCuu02529...

CVE-2016-1381

Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web Security Appliance WSA devices allows remote attackers to cause a denial of service memory consumption via an HTTP file-range request for cached content, aka Bug ID CSCuw97270...

CVE-2016-1380

Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance WSA devices allows remote attackers to cause a denial of service proxy-process hang via a crafted HTTP POST request, aka Bug ID CSCuo12171...

CVE-2016-1380

Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance WSA devices allows remote attackers to cause a denial of service proxy-process hang via a crafted HTTP POST request, aka Bug ID CSCuo12171...

Memory corruption

Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance WSA devices allows remote attackers to cause a denial of service memory consumption via an unspecified HTTP status code, aka Bug ID CSCur28305...

Design/Logic Flaw

Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web Security Appliance WSA devices allows remote attackers to cause a denial of service memory consumption via an HTTP file-range request for cached content, aka Bug ID CSCuw97270...

Design/Logic Flaw

Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance WSA devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service proxy-process reload via a crafted request, aka Bug ID CSCuu02529...