National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:sophos:unified_threat_management_software:9.355
There are 3 matching records.
Vuln ID Summary CVSS Severity
CVE-2016-7442

The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab.

Published: October 03, 2016; 12:09:16 PM -04:00
V3.0: 4.4 MEDIUM
    V2: 2.1 LOW
CVE-2016-7397

The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.

Published: October 03, 2016; 12:09:14 PM -04:00
V3.0: 4.4 MEDIUM
    V2: 2.1 LOW
CVE-2015-7547

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

Published: February 18, 2016; 04:59:00 PM -05:00
V3.0: 8.1 HIGH
    V2: 6.8 MEDIUM