Vulmon
sophos vulnerabilities and exploits
5.3
CVSSv3
CVE-2022-0331
An information disclosure vulnerability in Webadmin allows an unauthenticated remote malicious user to read the device serial number in Sophos Firewall version v18.5 MR2 and older.
Sophos Sfos
9.8
CVSSv3
CVE-2022-3236
A code injection vulnerability in the User Portal and Webadmin allows a remote malicious user to execute code in Sophos Firewall version v19.0 MR1 and older.
Sophos Firewall
2 Articles
6.1
CVSSv3
CVE-2016-3968
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35iNG UTM appliance with firmware 10.6.2 Build 378 allow remote malicious users to i...
Sophos Cyberoam Cr100ing Utm Firmware 10.6.3 Mr-1 Build 503
Sophos Cyberoam Cr35ing Utm Firmware 10.6.2 Build 378
Sophos Cyberoam Cr35ing Utm Firmware 10.6.2 Mr-1 Build 383
NA
CVE-2007-4512
Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x prior to 6.5.8 and 7.x prior to 7.0.1 allows remote malicious users to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is no...
Sophos Anti-virus
8.4
CVSSv3
CVE-2021-25268
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA.
Sophos Firewall Firmware
6.1
CVSSv3
CVE-2021-36806
A reflected XSS vulnerability allows an open redirect when the victim clicks a malicious link to an error page on Sophos Email Appliance older than version 4.5.3.4.
Sophos Email Appliance
7.2
CVSSv3
CVE-2022-4934
A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code.
Sophos Web Appliance
9.8
CVSSv3
CVE-2023-1671
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.
Sophos Web Appliance
5 Github repositories
NA
CVE-2014-2385
Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux prior to 9.6.1 allow local users to inject arbitrary web script or HTML via the (1) newListList:ExcludeFileOnExpression, (2) newListList:ExcludeFilesystems, or (3) newListList:Exclude...
Sophos Anti-virus
5.5
CVSSv3
CVE-2018-3970
An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send ...
Sophos Hitmanpro.alert 3.7.6.744