Vulnerabilities > Cisco > Email Security Appliance Firmware > 9.1.0.032
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-26 | CVE-2019-15988 | Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. | 5.0 |
2019-11-26 | CVE-2019-15971 | Insufficient Verification of Data Authenticity vulnerability in Cisco Email Security Appliance Firmware A vulnerability in the MP3 detection engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. | 4.3 |
2019-10-02 | CVE-2019-12706 | Improper Input Validation vulnerability in Cisco Email Security Appliance Firmware A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the configured user filters on an affected device. | 5.0 |
2015-07-29 | CVE-2015-0732 | Cross-site Scripting vulnerability in Cisco products Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuu37430, CSCuu37420, CSCut71981, and CSCuv50167. | 4.3 |