Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sophos vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2016-9834
An XSS vulnerability allows remote malicious users to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware up to and including 10.6.4. User interaction is required to exploit this vulnerability in that the target must ...
Sophos Cyberoam Firmware
1 EDB exploit
5.3
CVSSv3
CVE-2022-0331
An information disclosure vulnerability in Webadmin allows an unauthenticated remote malicious user to read the device serial number in Sophos Firewall version v18.5 MR2 and older.
Sophos Sfos
9.8
CVSSv3
CVE-2020-29574
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated malicious users to execute arbitrary SQL statements remotely.
Sophos Cyberoamos
6.1
CVSSv3
CVE-2016-6217
Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX prior to 6.3.2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Sophos Puremessage
9.8
CVSSv3
CVE-2022-3236
A code injection vulnerability in the User Portal and Webadmin allows a remote malicious user to execute code in Sophos Firewall version v19.0 MR1 and older.
Sophos Firewall
2 Articles
7.8
CVSSv3
CVE-2020-9540
Sophos HitmanPro.Alert before build 861 allows local elevation of privilege.
Sophos Hitmanpro.alert
6.1
CVSSv3
CVE-2022-4901
Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim.
Sophos Connect
1 Github repository
4.3
CVSSv3
CVE-2022-48309
A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90.
Sophos Connect
1 Github repository
5.5
CVSSv3
CVE-2022-48310
An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90.
Sophos Connect
1 Github repository
NA
CVE-2012-1428
The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote malicious users to bypass malware detection via a POSIX TAR file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be...
Cat Quick Heal 11.00
Norman Norman Antivirus \\& Antispyware 6.06.12
Sophos Sophos Anti-virus 4.61.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »