Product: Unified_threat_management (Sophos)

Repositories: Unknown. This might be proprietary software.

#Vulnerabilities 6
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-03-22 | CVE-2022-0652 | Confd log files contain local users', including root's, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710. | Unified_threat_management | 7.8 | | |
| 2020-09-25 | CVE-2020-25223 | A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 | Unified_threat_management | 9.8 | | |
| 2022-03-22 | CVE-2022-0386 | A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. | Unified_threat_management | 8.8 | | |
| 2021-07-29 | CVE-2021-25273 | Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706. | Unified_threat_management | 4.8 | | |
| 2014-03-18 | CVE-2014-2537 | Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | Unified_threat_management, Unified_threat_management_software | N/A | | |
| 2012-07-09 | CVE-2012-3238 | Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field. | Security_gateway, Security_gateway_software, Unified_threat_management, Unified_threat_management_software | N/A | | |