Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sophos vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-1551
Sophos Anti-Virus 3.93 does not check downloaded files for viruses when they have only been written, which creates a race condition and may allow remote malicious users to bypass virus protection if the file is executed before the antivirus starts on system reboot.
Sophos Sophos Anti-virus 3.93
NA
CVE-2006-4839
Sophos Anti-Virus 5.1 allows remote malicious users to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections.
Sophos Sophos Anti-virus 5.1
9.8
CVSSv3
CVE-2019-17059
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS prior to 10.6.6 MR-6 allows remote malicious users to execute arbitrary commands via the Web Admin and SSL VPN consoles.
Sophos Cyberoamos 10.6.6
Sophos Cyberoamos
6.7
CVSSv3
CVE-2021-25264
In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges.
Sophos Home
Sophos Intercept X
8.8
CVSSv3
CVE-2018-16117
A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated malicious users to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter.
Sophos Sfos
Sophos Sfos 17.1
9.8
CVSSv3
CVE-2020-15069
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x.
Sophos Xg Firewall Firmware
Sophos Xg Firewall Firmware 17.5
NA
CVE-2005-3382
Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote malicious users to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated a...
Sophos Sophos Anti-virus 3.91 Engine 2.28.4
3.9
CVSSv3
CVE-2021-25266
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.
Sophos Intercept X
Sophos Authenticator
NA
CVE-2008-0838
Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface in Sophos ES1000 and ES4000 Email Security Appliance 2.1.0.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) error and (2) go parameters to the login page.
Sophos Es1000 2.1.0.0
Sophos Es4000 2.1.0.0
1 EDB exploit
9.8
CVSSv3
CVE-2017-6315
Astaro Security Gateway (aka ASG) 7 allows remote malicious users to execute arbitrary code via a crafted request to index.plx.
Sophos Astaro Security Gateway Firmware 7.500
Sophos Astaro Security Gateway Firmware 7.506
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »