Filtered by vendor Sophos
Subscriptions
Total
161 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-0386 | 1 Sophos | 1 Unified Threat Management | 2024-11-21 | 8.8 High |
A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. | ||||
CVE-2022-0331 | 1 Sophos | 1 Sfos | 2024-11-21 | 5.3 Medium |
An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older. | ||||
CVE-2021-36809 | 1 Sophos | 1 Ssl Vpn Client | 2024-11-21 | 6.1 Medium |
A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client. | ||||
CVE-2021-36808 | 1 Sophos | 1 Sophos Secure Workspace | 2024-11-21 | 5.9 Medium |
A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115. | ||||
CVE-2021-36807 | 1 Sophos | 1 Unified Threat Management Up2date | 2024-11-21 | 8.8 High |
An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8. | ||||
CVE-2021-25273 | 1 Sophos | 1 Unified Threat Management | 2024-11-21 | 4.8 Medium |
Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706. | ||||
CVE-2021-25271 | 1 Sophos | 1 Hitmanpro | 2024-11-21 | 6.0 Medium |
A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318. | ||||
CVE-2021-25270 | 1 Sophos | 1 Hitmanpro.alert | 2024-11-21 | 6.7 Medium |
A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901. | ||||
CVE-2021-25269 | 1 Sophos | 3 Exploit Prevention, Intercept X Endpoint, Intercept X For Server | 2024-11-21 | 4.4 Medium |
A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention before version 3.8.3. | ||||
CVE-2021-25268 | 1 Sophos | 2 Firewall, Firewall Firmware | 2024-11-21 | 8.4 High |
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA. | ||||
CVE-2021-25267 | 1 Sophos | 2 Firewall, Firewall Firmware | 2024-11-21 | 6.8 Medium |
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA. | ||||
CVE-2021-25266 | 1 Sophos | 2 Authenticator, Intercept X | 2024-11-21 | 3.9 Low |
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495. | ||||
CVE-2021-25265 | 2 Microsoft, Sophos | 2 Windows, Connect | 2024-11-21 | 8.8 High |
A malicious website could execute code remotely in Sophos Connect Client before version 2.1. | ||||
CVE-2021-25264 | 1 Sophos | 2 Home, Intercept X | 2024-11-21 | 6.7 Medium |
In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges. | ||||
CVE-2020-9540 | 1 Sophos | 1 Hitmanpro.alert | 2024-11-21 | 7.8 High |
Sophos HitmanPro.Alert before build 861 allows local elevation of privilege. | ||||
CVE-2020-9363 | 1 Sophos | 6 Cloud Optix, Endpoint Protection, Intercept X Endpoint and 3 more | 2024-11-21 | 7.8 High |
The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protection products because the virus would be detected upon extraction. | ||||
CVE-2020-36692 | 1 Sophos | 1 Web Appliance | 2024-11-21 | 6.5 Medium |
A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA. | ||||
CVE-2020-29574 | 1 Sophos | 1 Cyberoamos | 2024-11-21 | 9.8 Critical |
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely. | ||||
CVE-2020-25223 | 1 Sophos | 1 Unified Threat Management | 2024-11-21 | 9.8 Critical |
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 | ||||
CVE-2020-17352 | 1 Sophos | 1 Xg Firewall Firmware | 2024-11-21 | 8.8 High |
Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. |