Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Unified_threat_management
(Sophos)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 6 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-09-25 | CVE-2020-25223 | A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 | Unified_threat_management | 9.8 | ||
| 2022-03-22 | CVE-2022-0652 | Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710. | Unified_threat_management | 7.8 | ||
| 2022-03-22 | CVE-2022-0386 | A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. | Unified_threat_management | 8.8 | ||
| 2021-07-29 | CVE-2021-25273 | Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706. | Unified_threat_management | 4.8 | ||
| 2014-03-18 | CVE-2014-2537 | Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | Unified_threat_management, Unified_threat_management_software | N/A | ||
| 2012-07-09 | CVE-2012-3238 | Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field. | Security_gateway, Security_gateway_software, Unified_threat_management, Unified_threat_management_software | N/A |