Unified Threat Management Software Security Vulnerabilities and Issues — Unified Threat Management Software CVE List

Lucene search

SophosUnified Threat Management Software

9 matches found

CVE•added 2016/01/14 10:59 p.m.•3158 views

CVE-2016-0777

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

6.5CVSS6.4AI score0.66391EPSS

CVE•added 2016/01/14 10:59 p.m.•1917 views

CVE-2016-0778

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-...

8.1CVSS7.3AI score0.03251EPSS

CVE•added 2016/02/18 9:59 p.m.•260 views

CVE-2015-7547

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a...

8.1CVSS8.4AI score0.93421EPSS

Web

CVE•added 2016/02/17 3:59 p.m.•39 views

CVE-2016-2046

Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

6.1CVSS6AI score0.0097EPSS

Web

CVE•added 2016/10/03 4:9 p.m.•37 views

CVE-2016-7397

The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.

4.4CVSS4.5AI score0.00028EPSS

CVE•added 2012/07/09 10:55 p.m.•36 views

CVE-2012-3238

Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.

4.3CVSS5.9AI score0.0054EPSS

CVE•added 2016/10/03 4:9 p.m.•35 views

CVE-2016-7442

The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab.

4.4CVSS4.5AI score0.00028EPSS

CVE•added 2014/03/18 5:4 p.m.•33 views

CVE-2014-2537

Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

7.8CVSS6.7AI score0.01262EPSS

CVE•added 2013/09/23 8:55 p.m.•31 views

CVE-2013-5932

Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors.

10CVSS6.7AI score0.00858EPSS