Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sophos vulnerabilities and exploits
(subscribe to this query)
5.1
CVSSv2
CVE-2005-1551
Sophos Anti-Virus 3.93 does not check downloaded files for viruses when they have only been written, which creates a race condition and may allow remote malicious users to bypass virus protection if the file is executed before the antivirus starts on system reboot.
Sophos Sophos Anti-virus 3.93
5
CVSSv2
CVE-2006-4839
Sophos Anti-Virus 5.1 allows remote malicious users to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections.
Sophos Sophos Anti-virus 5.1
10
CVSSv2
CVE-2019-17059
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS prior to 10.6.6 MR-6 allows remote malicious users to execute arbitrary commands via the Web Admin and SSL VPN consoles.
Sophos Cyberoamos 10.6.6
Sophos Cyberoamos
7.2
CVSSv2
CVE-2021-25264
In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges.
Sophos Home
Sophos Intercept X
9
CVSSv2
CVE-2018-16117
A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated malicious users to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter.
Sophos Sfos
Sophos Sfos 17.1
7.5
CVSSv2
CVE-2020-15069
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x.
Sophos Xg Firewall Firmware
Sophos Xg Firewall Firmware 17.5
5
CVSSv2
CVE-2005-3382
Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote malicious users to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated a...
Sophos Sophos Anti-virus 3.91 Engine 2.28.4
2.1
CVSSv2
CVE-2021-25266
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.
Sophos Intercept X
Sophos Authenticator
4.3
CVSSv2
CVE-2008-0838
Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface in Sophos ES1000 and ES4000 Email Security Appliance 2.1.0.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) error and (2) go parameters to the login page.
Sophos Es1000 2.1.0.0
Sophos Es4000 2.1.0.0
1 EDB exploit
10
CVSSv2
CVE-2017-6315
Astaro Security Gateway (aka ASG) 7 allows remote malicious users to execute arbitrary code via a crafted request to index.plx.
Sophos Astaro Security Gateway Firmware 7.500
Sophos Astaro Security Gateway Firmware 7.506
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »