Vulnerabilities > Sophos > Unified Threat Management Software > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-10-03 CVE-2016-7442 Information Exposure vulnerability in Sophos Unified Threat Management Software
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab.
local
low complexity
sophos CWE-200
4.4
2016-10-03 CVE-2016-7397 Information Exposure vulnerability in Sophos Unified Threat Management Software
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.
local
low complexity
sophos CWE-200
4.4
2016-02-17 CVE-2016-2046 Cross-site Scripting vulnerability in Sophos Unified Threat Management Software
Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
network
low complexity
sophos CWE-79
6.1
2016-01-14 CVE-2016-0777 Information Exposure vulnerability in multiple products
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
network
low complexity
sophos oracle openbsd hp apple CWE-200
6.5