Filtered by vendor Sophos Subscriptions
Total 161 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-0386 1 Sophos 1 Unified Threat Management 2024-11-21 8.8 High
A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710.
CVE-2022-0331 1 Sophos 1 Sfos 2024-11-21 5.3 Medium
An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older.
CVE-2021-36809 1 Sophos 1 Ssl Vpn Client 2024-11-21 6.1 Medium
A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client.
CVE-2021-36808 1 Sophos 1 Sophos Secure Workspace 2024-11-21 5.9 Medium
A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115.
CVE-2021-36807 1 Sophos 1 Unified Threat Management Up2date 2024-11-21 8.8 High
An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8.
CVE-2021-25273 1 Sophos 1 Unified Threat Management 2024-11-21 4.8 Medium
Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.
CVE-2021-25271 1 Sophos 1 Hitmanpro 2024-11-21 6.0 Medium
A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318.
CVE-2021-25270 1 Sophos 1 Hitmanpro.alert 2024-11-21 6.7 Medium
A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901.
CVE-2021-25269 1 Sophos 3 Exploit Prevention, Intercept X Endpoint, Intercept X For Server 2024-11-21 4.4 Medium
A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention before version 3.8.3.
CVE-2021-25268 1 Sophos 2 Firewall, Firewall Firmware 2024-11-21 8.4 High
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA.
CVE-2021-25267 1 Sophos 2 Firewall, Firewall Firmware 2024-11-21 6.8 Medium
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA.
CVE-2021-25266 1 Sophos 2 Authenticator, Intercept X 2024-11-21 3.9 Low
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.
CVE-2021-25265 2 Microsoft, Sophos 2 Windows, Connect 2024-11-21 8.8 High
A malicious website could execute code remotely in Sophos Connect Client before version 2.1.
CVE-2021-25264 1 Sophos 2 Home, Intercept X 2024-11-21 6.7 Medium
In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges.
CVE-2020-9540 1 Sophos 1 Hitmanpro.alert 2024-11-21 7.8 High
Sophos HitmanPro.Alert before build 861 allows local elevation of privilege.
CVE-2020-9363 1 Sophos 6 Cloud Optix, Endpoint Protection, Intercept X Endpoint and 3 more 2024-11-21 7.8 High
The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protection products because the virus would be detected upon extraction.
CVE-2020-36692 1 Sophos 1 Web Appliance 2024-11-21 6.5 Medium
A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA.
CVE-2020-29574 1 Sophos 1 Cyberoamos 2024-11-21 9.8 Critical
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.
CVE-2020-25223 1 Sophos 1 Unified Threat Management 2024-11-21 9.8 Critical
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
CVE-2020-17352 1 Sophos 1 Xg Firewall Firmware 2024-11-21 8.8 High
Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.