Search Results (Refine Search)
- CPE Product Version: cpe:/a:sophos:unified_threat_management_software:9.319
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-7442 |
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab. Published: October 03, 2016; 12:09:16 PM -0400 |
V3.0: 4.4 MEDIUM V2.0: 2.1 LOW |
CVE-2016-7397 |
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab. Published: October 03, 2016; 12:09:14 PM -0400 |
V3.0: 4.4 MEDIUM V2.0: 2.1 LOW |
CVE-2015-7547 |
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. Published: February 18, 2016; 4:59:00 PM -0500 |
V3.0: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-2046 |
Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. Published: February 17, 2016; 10:59:03 AM -0500 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |