CVE-2015-6291

Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-046 on Email Security Appliance (ESA) devices mishandles malformed fields during body-contains, attachment-contains, every-attachment-contains, attachment-binary-contains, dictionary-match, and attachment-diction...

CVE-2015-4288

The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain ...