Vulnerabilities for 'Unified threat management software'

2016-10-03
 
CVE-2016-7442

CWE-200
 

 
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab.

 
 
CVE-2016-7397

CWE-200
 

 
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.

 
2016-02-18
 
CVE-2015-7547

CWE-119
 

 
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

 
2016-02-17
 
CVE-2016-2046

 

 
Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

 
2016-01-14
 
CVE-2016-0778

CWE-119
 

 
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

 
 
CVE-2016-0777

CWE-200
 

 
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

 
2014-03-18
 
CVE-2014-2537

CWE-399
 

 
Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

 
2012-07-09
 
CVE-2012-3238

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.

 

Vendor: Sophos (53 products)
Small business suite
Sophos anti-virus
Sophos puremessage anti-virus
Sophos small business suite
Sophos mailmonitor
Sophos mailmonitor for notes domino
Anti-virus
Endpoint security
Scanning engine
Es1000
Es4000
Anti-virus7.6.3
Puremessage for microsoft exchange
Endpoint protection
Unified threat management software
Unified threat management
Disk encryption
Safeguard easy device encryption client
Safeguard enterprise device encryption
Sophos endpoint security and control
Safeguard enterprise
Free encryption
Safeguard privatecrypto
Web appliance
Web appliance firmware
Enterprise console
Cyberoam cr100ing utm firmware
Cyberoam cr35ing utm firmware
Unified threat management up2date
Mobile control eas proxy
Cyberoam cr25ing utm firmware
Cyberoam firmware
Threat detection engine
Hitmanpro
Astaro security gateway firmware
SFOS
Sophos tester
Invincea-x
Invincea dell protected workspace
Safeguard enterprise client
Safeguard lan crypt client
Hitmanpro.alert
Ssl vpn client
Ipsec client
Cyberoamos
HOME
Sophos secure email
Xg firewall firmware
Intercept x
Sophos secure workspace
Exploit prevention
Intercept x endpoint
Intercept x for server


Copyright 2024, cxsecurity.com
