Vulnerabilities > Sophos > Unified Threat Management Up2Date

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK | TAGS |
|---|---|---|---|---|---|
| 2021-11-26 | CVE-2021-36807 | SQL Injection vulnerability in Sophos Unified Threat Management Up2Date | An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8. | 8.8 (network, low complexity) | sophos, CWE-89 |
| 2016-01-14 | CVE-2015-8605 | Improper Input Validation vulnerability in multiple products | ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. | 6.5 (low complexity) | sophos, isc, debian, canonical, CWE-20 |