
CVSS: 4.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in the "system settings / scan settings / anti spam" configuration tab.

Sophos UTM versions 9.405-5 and 9.404-5 suffer from information disclosure vulnerabilities.

• http://www.securityfocus.com/archive/1/539518/100/0/threaded
• http://www.securityfocus.com/bid/93266
• http://www.securitytracker.com/id/1036931
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.

Sophos UTM versions 9.405-5 and 9.404-5 suffer from information disclosure vulnerabilities.

• http://www.securityfocus.com/archive/1/539518/100/0/threaded
• http://www.securityfocus.com/bid/93266
• http://www.securitytracker.com/id/1036931
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 3

Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

Sophos UTM version 9.350-12 with pattern version 92405 (potentially lower) suffers from a cross site scripting vulnerability.

• http://packetstormsecurity.com/files/135709/Sophos-UTM-9-Cross-Site-Scripting.html
• http://seclists.org/fulldisclosure/2016/Feb/60
• http://www.halock.com/blog/cve-2016-2046-cross-site-scripting-sophos-utm-9
• http://www.securitytracker.com/id/1035048
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 | EPSS: 0% | CPEs: 58 | EXPL: 0

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory (possibly including private SSH keys) of a successfully authenticated OpenSSH client.

• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
• http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
• http://lists.opensuse.org/opensuse-security-announce
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-682: Incorrect Calculation