Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sophos vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2019-17059
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS prior to 10.6.6 MR-6 allows remote malicious users to execute arbitrary commands via the Web Admin and SSL VPN consoles.
Sophos Cyberoamos 10.6.6
Sophos Cyberoamos
5
CVSSv2
CVE-2005-3382
Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote malicious users to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated a...
Sophos Sophos Anti-virus 3.91 Engine 2.28.4
9
CVSSv2
CVE-2018-16117
A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated malicious users to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter.
Sophos Sfos
Sophos Sfos 17.1
4.3
CVSSv2
CVE-2017-18014
An NC-25986 issue exists in the Logging subsystem of Sophos XG Firewall with SFOS prior to 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page (Control Center -> Log Viewer -> in the filter option "Web Server Protect...
Sophos Sfos
Sophos Sfos 17.0
7.5
CVSSv2
CVE-2020-11503
A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an malicious user to run arbitrary code remotely.
Sophos Sfos
Sophos Sfos 17.5
7.2
CVSSv2
CVE-2021-25264
In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges.
Sophos Home
Sophos Intercept X
5
CVSSv2
CVE-2006-4839
Sophos Anti-Virus 5.1 allows remote malicious users to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections.
Sophos Sophos Anti-virus 5.1
2.1
CVSSv2
CVE-2021-25266
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.
Sophos Intercept X
Sophos Authenticator
4.3
CVSSv2
CVE-2008-0838
Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface in Sophos ES1000 and ES4000 Email Security Appliance 2.1.0.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) error and (2) go parameters to the login page.
Sophos Es1000 2.1.0.0
Sophos Es4000 2.1.0.0
1 EDB exploit
10
CVSSv2
CVE-2017-6315
Astaro Security Gateway (aka ASG) 7 allows remote malicious users to execute arbitrary code via a crafted request to index.plx.
Sophos Astaro Security Gateway Firmware 7.500
Sophos Astaro Security Gateway Firmware 7.506
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4956
validation
CVE-2024-35221
remote attackers
CVE-2023-30309
CVE-2024-36112
CVE-2024-23109
CVE-2023-43850
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »