CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 1CVE-2016-7442 – Sophos UTM 9.405-5 / 9.404-5 Information Disclosure
https://notcve.org/view.php?id=CVE-2016-7442
30 Sep 2016 — The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab. El componente Frontend en Sophos UTM con firmware 9.405-5 y en versiones anteriores permite a administradores locales obtener información sensible de contraseñas leyendo el campo "value" de los ajustes de usuario del proxy en pestaña de configuraci... • https://packetstorm.news/files/id/138927 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 1CVE-2016-7397 – Sophos UTM 9.405-5 / 9.404-5 Information Disclosure
https://notcve.org/view.php?id=CVE-2016-7397
30 Sep 2016 — The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab. El componente Frontend en Sophos UTM con firmware 9.405-5 y versiones anteriores permite a administradores locales obtener información sensible de contraseñas leyendo el campo "value" de los ajustes de usuario SMTP en la pestaña de configuración de notificaciones. Sophos UTM v... • https://packetstorm.news/files/id/138927 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 93%CPEs: 68EXPL: 18CVE-2015-7547 – glibc - 'getaddrinfo' Stack Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2015-7547
16 Feb 2016 — Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. Múltiples desbordamientos de buffer basado en pi... • https://packetstorm.news/files/id/167552 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •