Vulnerabilities > Sophos > Unified Threat Management Software > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-02-17 CVE-2016-2046 Cross-site Scripting vulnerability in Sophos Unified Threat Management Software
Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
network
sophos CWE-79
4.3
2016-01-14 CVE-2016-0777 Information Exposure vulnerability in multiple products
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
network
low complexity
sophos oracle openbsd hp apple CWE-200
6.5
2012-07-09 CVE-2012-3238 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.
network
astaro sophos CWE-79
4.3