6 matches found
CVE-2020-25223
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
CVE-2022-0652
Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710.
CVE-2022-0386
A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710.
CVE-2021-25273
Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.
CVE-2012-3238
Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.
CVE-2014-2537
Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.