Vulnerabilities > Sophos > Unified Threat Management Software > 9.107

DATE CVE VULNERABILITY TITLE RISK
2016-10-03 CVE-2016-7442 Information Exposure vulnerability in Sophos Unified Threat Management Software
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab.
local
low complexity
sophos CWE-200
2.1
2.1
2016-10-03 CVE-2016-7397 Information Exposure vulnerability in Sophos Unified Threat Management Software
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.
local
low complexity
sophos CWE-200
2.1
2.1
2016-02-17 CVE-2016-2046 Cross-site Scripting vulnerability in Sophos Unified Threat Management Software
Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
network
sophos CWE-79
4.3
4.3
2014-03-18 CVE-2014-2537 Resource Management Errors vulnerability in Sophos products
Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
network
low complexity
sophos CWE-399
7.8
7.8