Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-11-26	CVE-2021-36807	SQL Injection vulnerability in Sophos Unified Threat Management Up2Date An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8. network low complexity sophos CWE-89	6.5
2016-01-14	CVE-2015-8605	Improper Input Validation vulnerability in multiple products ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. sophos isc debian canonical CWE-20	5.7