Unified threat management software

This hub aggregates every CVE we track for Unified threat management software, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.

Security Products

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

MEDIUM5HIGH3CRITICAL1

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 9 most recently published vulnerabilities affecting Unified threat management software.

CVE-2016-7397The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in...4.4Oct 3, 2016
CVE-2016-7442The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings i...4.4Oct 3, 2016
CVE-2015-7547Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a d...8.1Feb 18, 2016
CVE-2016-2046Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.6.1Feb 17, 2016
CVE-2016-0778The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly...8.1Jan 14, 2016
CVE-2016-0777The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmi...6.5Jan 14, 2016
CVE-2014-2537Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.7.8Mar 18, 2014
CVE-2013-5932Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors.10.0Sep 23, 2013
CVE-2012-3238Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "...4.3Jul 9, 2012

Product normalization is registry-driven with AI assist and human review. How it works