sophos unified threat management vulnerabilities and exploits
VMScore: 187
CVE-2022-0652
Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local malicious user to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710.
Sophos Unified Threat Management
VMScore: 578
CVE-2022-0386
A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated malicious user to execute code in Sophos UTM before version 9.710.
Sophos Unified Threat Management
VMScore: 578
CVE-2021-36807
An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8.
Sophos Unified Threat Management Up2date
VMScore: 312
CVE-2021-25273
Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.
Sophos Unified Threat Management
VMScore: 891
CVE-2020-25223
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11.
Sophos Unified Threat Management
Sophos Unified Threat Management 9.511
Sophos Unified Threat Management 9.607
Sophos Unified Threat Management 9.705
3 GitHub repositories
VMScore: 187
CVE-2016-7397
The Frontend component in Sophos UTM with firmware 9.405-5 and previous versions allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.
Sophos Unified Threat Management Software
VMScore: 187
CVE-2016-7442
The Frontend component in Sophos UTM with firmware 9.405-5 and previous versions allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" confi...
Sophos Unified Threat Management Software
VMScore: 383
CVE-2016-2046
Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM prior to 9.353 allows remote malicious users to inject arbitrary web script or HTML via the lang parameter.
Sophos Unified Threat Management Software
VMScore: 507
CVE-2015-8605
ISC DHCP 4.x prior to 4.1-ESV-R12-P1, 4.2.x, and 4.3.x prior to 4.3.3-P1 allows remote malicious users to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.
Sophos Unified Threat Management Up2date
Isc Dhcp 4.0.0
Isc Dhcp 4.0.1
Isc Dhcp 4.0.2
Isc Dhcp 4.0.3
Isc Dhcp 4.1-esv
Isc Dhcp 4.1.0
Isc Dhcp 4.1.1
Isc Dhcp 4.1.2
Isc Dhcp 4.2.0
Isc Dhcp 4.2.1
Isc Dhcp 4.2.2
Isc Dhcp 4.2.3
Isc Dhcp 4.2.4
Isc Dhcp 4.2.5
Isc Dhcp 4.2.6
Isc Dhcp 4.2.7
Isc Dhcp 4.2.8
Isc Dhcp 4.3.0
Isc Dhcp 4.3.1
Isc Dhcp 4.3.2
Isc Dhcp 4.3.3
VMScore: 890
CVE-2013-5932
Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) prior to 9.105 has unknown impact and attack vectors.
Sophos Unified Threat Management Software 9.007