Vulmon
sophos vulnerabilities and exploits
9
CVSSv2
CVE-2016-9553
The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP ...
Sophos Web Appliance 4.2.1.3
1 EDB exploit
9
CVSSv2
CVE-2014-5502
The Sophos Cyberoam appliances with CyberoamOS prior to 10.6.1 GA allow remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveuser_delete, or (4) ccc_flush_sql_file opcode.
Cyberoam Cyberoam Os
8.5
CVSSv2
CVE-2021-25267
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA.
Sophos Firewall Firmware
8.5
CVSSv2
CVE-2014-2849
The Change Password dialog box (change_password) in Sophos Web Appliance prior to 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
Sophos Web Appliance Firmware 3.7.5
Sophos Web Appliance Firmware 3.7.4
Sophos Web Appliance Firmware 3.7.3
Sophos Web Appliance Firmware 3.7.2
Sophos Web Appliance Firmware 3.5.6
Sophos Web Appliance Firmware 3.5.5
Sophos Web Appliance Firmware 3.5.4
Sophos Web Appliance Firmware 3.5.3
Sophos Web Appliance Firmware 3.4.1
Sophos Web Appliance Firmware 3.4.0
Sophos Web Appliance Firmware 3.3.6.1
Sophos Web Appliance Firmware 3.3.6
Sophos Web Appliance Firmware 3.2.3
Sophos Web Appliance Firmware 3.2.2.1
Sophos Web Appliance Firmware 3.2.2
Sophos Web Appliance Firmware 3.2.1
Sophos Web Appliance Firmware 3.1.4
Sophos Web Appliance Firmware 3.0.0
Sophos Web Appliance Firmware 3.8.0
Sophos Web Appliance Firmware 3.7.9.1
Sophos Web Appliance Firmware 3.7.9
Sophos Web Appliance Firmware 3.7.8.2
1 EDB exploit
8.5
CVSSv2
CVE-2014-2850
The network interface configuration page (netinterface) in Sophos Web Appliance prior to 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
Sophos Web Appliance Firmware 3.7.3
Sophos Web Appliance Firmware 3.7.2
Sophos Web Appliance Firmware 3.7.1
Sophos Web Appliance Firmware 3.7.0
Sophos Web Appliance Firmware 3.5.4
Sophos Web Appliance Firmware 3.5.3
Sophos Web Appliance Firmware 3.5.2
Sophos Web Appliance Firmware 3.5.1.2
Sophos Web Appliance Firmware 3.4.0
Sophos Web Appliance Firmware 3.3.6.1
Sophos Web Appliance Firmware 3.3.6
Sophos Web Appliance Firmware 3.3.5.1
Sophos Web Appliance Firmware 3.2.2
Sophos Web Appliance Firmware 3.2.1
Sophos Web Appliance Firmware 3.1.4
Sophos Web Appliance Firmware 3.1.3
Sophos Web Appliance Firmware 3.7.9
Sophos Web Appliance Firmware 3.7.8.2
Sophos Web Appliance Firmware 3.7.8.1
Sophos Web Appliance Firmware 3.7.8
Sophos Web Appliance Firmware 3.6.2.4.1
Sophos Web Appliance Firmware 3.6.2.4.0
1 EDB exploit
7.8
CVSSv2
CVE-2014-2537
Memory leak in the TCP stack in the kernel in Sophos UTM prior to 9.109 allows remote malicious users to cause a denial of service (memory consumption) via unspecified vectors.
Sophos Unified Threat Management Software
Sophos Unified Threat Management Software 8.3
Sophos Unified Threat Management Software 9.007
Sophos Unified Threat Management Software 9.107
Sophos Unified Threat Management 425
Sophos Unified Threat Management 525
Sophos Unified Threat Management 625
Sophos Unified Threat Management 110
Sophos Unified Threat Management 120
Sophos Unified Threat Management 220
Sophos Unified Threat Management 320
7.8
CVSSv2
CVE-2007-4577
Sophos Anti-Virus for Unix/Linux prior to 2.48.0 allows remote malicious users to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb").
Sophos Anti-virus 3.78d
Sophos Anti-virus 3.79
Sophos Anti-virus 3.86
Sophos Anti-virus 3.90
Sophos Anti-virus 4.5.12
Sophos Anti-virus 4.5.3
Sophos Anti-virus 5.0.9
Sophos Small Business Suite 4.04
Sophos Small Business Suite 4.05
Sophos Anti-virus 3.82
Sophos Anti-virus 3.83
Sophos Anti-virus 3.96.0
Sophos Anti-virus 4.03
Sophos Anti-virus 4.7.2
Sophos Anti-virus 5.0.1
Sophos Anti-virus 5.2.1
Sophos Anti-virus 6.5
Sophos Anti-virus 3.80
Sophos Anti-virus 3.81
Sophos Anti-virus 3.91
Sophos Anti-virus 3.95
Sophos Anti-virus 4.5.4
7.5
CVSSv2
CVE-2022-1040
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote malicious user to execute code in Sophos Firewall version v18.5 MR3 and older.
Sophos Sfos
7 Github repositories
2 Articles
7.5
CVSSv2
CVE-2020-29574
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated malicious users to execute arbitrary SQL statements remotely.
Sophos Cyberoamos
7.5
CVSSv2
CVE-2020-15504
A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows a malicious user to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 ...
Sophos Xg Firewall Firmware
Sophos Xg Firewall Firmware 17.5
Sophos Xg Firewall Firmware 18.0