Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sophos vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-2641
Directory traversal vulnerability in patience.cgi in Sophos Web Appliance prior to 3.7.8.2 allows remote malicious users to read arbitrary files via the id parameter.
Sophos Web Appliance Firmware
Sophos Web Appliance -
1 EDB exploit
NA
CVE-2013-2643
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance prior to 3.7.8.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to e...
Sophos Web Appliance Firmware
Sophos Web Appliance -
1 EDB exploit
NA
CVE-2013-2642
Sophos Web Appliance prior to 3.7.8.2 allows (1) remote malicious users to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execut...
Sophos Web Appliance Firmware
Sophos Web Appliance -
1 EDB exploit
5.5
CVSSv3
CVE-2018-6319
In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. This argument is a memory address: if a caller passes a NULL pointer or a random invalid address, the driver will cause a Blue Screen of Death. If a program...
Sophos Sophos Tester 3.2.0.7
NA
CVE-2006-0994
Multiple Sophos Anti-Virus products, including Anti-Virus for Windows 5.x prior to 5.2.1 and 4.x prior to 4.05, when cabinet file inspection is enabled, allows remote malicious users to execute arbitrary code via a CAB file with "invalid folder count values," which lead...
Sophos Sophos Anti-virus
6.1
CVSSv3
CVE-2016-3968
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35iNG UTM appliance with firmware 10.6.2 Build 378 allow remote malicious users to i...
Sophos Cyberoam Cr100ing Utm Firmware 10.6.3 Mr-1 Build 503
Sophos Cyberoam Cr35ing Utm Firmware 10.6.2 Mr-1 Build 383
Sophos Cyberoam Cr35ing Utm Firmware 10.6.2 Build 378
9.8
CVSSv3
CVE-2020-25223
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
Sophos Unified Threat Management
Sophos Unified Threat Management 9.511
Sophos Unified Threat Management 9.607
Sophos Unified Threat Management 9.705
3 Github repositories
4.4
CVSSv3
CVE-2021-25269
A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Explo...
Sophos Exploit Prevention
Sophos Intercept X Endpoint
Sophos Intercept X For Server
8.8
CVSSv3
CVE-2018-16117
A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated malicious users to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter.
Sophos Sfos
Sophos Sfos 17.1
9.8
CVSSv3
CVE-2020-11503
A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an malicious user to run arbitrary code remotely.
Sophos Sfos
Sophos Sfos 17.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »