Vulnerabilities > Sophos > Unified Threat Management Software > 8.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-10-03 | CVE-2016-7442 | Information Exposure vulnerability in Sophos Unified Threat Management Software The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab. | 2.1 |
2016-10-03 | CVE-2016-7397 | Information Exposure vulnerability in Sophos Unified Threat Management Software The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab. | 2.1 |
2016-02-17 | CVE-2016-2046 | Cross-site Scripting vulnerability in Sophos Unified Threat Management Software Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | 4.3 |
2014-03-18 | CVE-2014-2537 | Resource Management Errors vulnerability in Sophos products Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | 7.8 |
2012-07-09 | CVE-2012-3238 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field. | 4.3 |