Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sophos unified threat management vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-25223
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
Sophos Unified Threat Management
Sophos Unified Threat Management 9.511
Sophos Unified Threat Management 9.607
Sophos Unified Threat Management 9.705
3 Github repositories
4.8
CVSSv3
CVE-2021-25273
Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.
Sophos Unified Threat Management
8.8
CVSSv3
CVE-2022-0386
A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated malicious user to execute code in Sophos UTM before version 9.710.
Sophos Unified Threat Management
7.8
CVSSv3
CVE-2022-0652
Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local malicious user to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710.
Sophos Unified Threat Management
6.1
CVSSv3
CVE-2016-2046
Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM prior to 9.353 allows remote malicious users to inject arbitrary web script or HTML via the lang parameter.
Sophos Unified Threat Management Software
4.4
CVSSv3
CVE-2016-7397
The Frontend component in Sophos UTM with firmware 9.405-5 and previous versions allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.
Sophos Unified Threat Management Software
4.4
CVSSv3
CVE-2016-7442
The Frontend component in Sophos UTM with firmware 9.405-5 and previous versions allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" confi...
Sophos Unified Threat Management Software
8.8
CVSSv3
CVE-2021-36807
An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8.
Sophos Unified Threat Management Up2date
NA
CVE-2013-5932
Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) prior to 9.105 has unknown impact and attack vectors.
Sophos Unified Threat Management Software 9.007
6.5
CVSSv3
CVE-2015-8605
ISC DHCP 4.x prior to 4.1-ESV-R12-P1, 4.2.x, and 4.3.x prior to 4.3.3-P1 allows remote malicious users to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.
Sophos Unified Threat Management Up2date
Isc Dhcp 4.0.0
Isc Dhcp 4.0.1
Isc Dhcp 4.0.2
Isc Dhcp 4.0.3
Isc Dhcp 4.1-esv
Isc Dhcp 4.1.0
Isc Dhcp 4.1.1
Isc Dhcp 4.1.2
Isc Dhcp 4.2.0
Isc Dhcp 4.2.1
Isc Dhcp 4.2.2
Isc Dhcp 4.2.3
Isc Dhcp 4.2.4
Isc Dhcp 4.2.5
Isc Dhcp 4.2.6
Isc Dhcp 4.2.7
Isc Dhcp 4.2.8
Isc Dhcp 4.3.0
Isc Dhcp 4.3.1
Isc Dhcp 4.3.2
Isc Dhcp 4.3.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site request forgery
CVE-2024-34351
CVE-2024-1076
CVE-2024-25522
CVE-2024-34547
CVE-2024-4644
unauthorized
remote
CVE-2024-4671
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started