Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Sophos Subscribe
Filtered by product Unified Threat Management
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-0777 5 Apple, Hp, Openbsd and 2 more 7 Mac Os X, Remote Device Access Virtual Customer Access System, Openssh and 4 more 2022-12-13 4.0 MEDIUM 6.5 MEDIUM
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
CVE-2020-25223 1 Sophos 1 Unified Threat Management 2022-10-05 10.0 HIGH 9.8 CRITICAL
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
CVE-2022-0652 1 Sophos 1 Unified Threat Management 2022-03-28 2.1 LOW 7.8 HIGH
Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710.
CVE-2022-0386 1 Sophos 1 Unified Threat Management 2022-03-28 6.5 MEDIUM 8.8 HIGH
A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710.
CVE-2021-25273 1 Sophos 1 Unified Threat Management 2021-12-16 3.5 LOW 4.8 MEDIUM
Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.
CVE-2014-2537 1 Sophos 2 Unified Threat Management, Unified Threat Management Software 2014-03-31 7.8 HIGH N/A
Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
CVE-2012-3238 2 Astaro, Sophos 4 Security Gateway, Security Gateway Software, Unified Threat Management and 1 more 2012-07-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.