Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sophos vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2020-14980
The Sophos Secure Email application up to and including 3.9.4 for Android has Missing SSL Certificate Validation.
Sophos Sophos Secure Email
NA
CVE-2006-0994
Multiple Sophos Anti-Virus products, including Anti-Virus for Windows 5.x prior to 5.2.1 and 4.x prior to 4.05, when cabinet file inspection is enabled, allows remote malicious users to execute arbitrary code via a CAB file with "invalid folder count values," which lead...
Sophos Sophos Anti-virus
7.8
CVSSv3
CVE-2018-6318
In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its...
Sophos Sophos Tester 3.2.0.7
5.5
CVSSv3
CVE-2018-6319
In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. This argument is a memory address: if a caller passes a NULL pointer or a random invalid address, the driver will cause a Blue Screen of Death. If a program...
Sophos Sophos Tester 3.2.0.7
NA
CVE-2006-6335
Multiple buffer overflows in Sophos Anti-Virus scanning engine prior to 2.40 allow remote malicious users to execute arbitrary code via (1) a SIT archive with a long filename that is not null-terminated, which triggers a heap-based overflow in veex.dll due to improper length calc...
Sophos Sophos Anti-virus
6.1
CVSSv3
CVE-2016-3968
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35iNG UTM appliance with firmware 10.6.2 Build 378 allow remote malicious users to i...
Sophos Cyberoam Cr100ing Utm Firmware 10.6.3 Mr-1 Build 503
Sophos Cyberoam Cr35ing Utm Firmware 10.6.2 Mr-1 Build 383
Sophos Cyberoam Cr35ing Utm Firmware 10.6.2 Build 378
9.8
CVSSv3
CVE-2020-25223
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
Sophos Unified Threat Management
Sophos Unified Threat Management 9.511
Sophos Unified Threat Management 9.607
Sophos Unified Threat Management 9.705
3 Github repositories
4.4
CVSSv3
CVE-2021-25269
A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Explo...
Sophos Exploit Prevention
Sophos Intercept X Endpoint
Sophos Intercept X For Server
9.8
CVSSv3
CVE-2020-11503
A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an malicious user to run arbitrary code remotely.
Sophos Sfos
Sophos Sfos 17.5
NA
CVE-2005-1551
Sophos Anti-Virus 3.93 does not check downloaded files for viruses when they have only been written, which creates a race condition and may allow remote malicious users to bypass virus protection if the file is executed before the antivirus starts on system reboot.
Sophos Sophos Anti-virus 3.93
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »