Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sophos vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2022-4934
A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code.
Sophos Web Appliance
7.2
CVSSv3
CVE-2022-3696
A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA.
Sophos Xg Firewall Firmware
7.2
CVSSv3
CVE-2022-3226
An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA.
Sophos Xg Firewall Firmware
7.2
CVSSv3
CVE-2022-1807
Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1.
Sophos Firewall 19.0
Sophos Firewall 18.5
Sophos Firewall
7.2
CVSSv3
CVE-2017-6183
In Sophos Web Appliance (SWA) prior to 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314.
Sophos Web Appliance
7.2
CVSSv3
CVE-2016-9553
The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP ...
Sophos Web Appliance 4.2.1.3
1 EDB exploit
7.2
CVSSv3
CVE-2016-9554
The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occur in MgrDiagnosticTools.php (/controllers/MgrDiagnosticTools.php), in the compone...
Sophos Web Appliance 4.2.1.3
1 EDB exploit
7
CVSSv3
CVE-2021-36808
A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115.
Sophos Sophos Secure Workspace
1 Github repository
6.8
CVSSv3
CVE-2014-2005
Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x prior to 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate malicious users to obtain desktop access by leveraging the absence o...
Sophos Enterprise Console 5.2
Sophos Enterprise Console
Sophos Enterprise Console 5.2.1
Sophos Enterprise Console 5.1
6.7
CVSSv3
CVE-2021-25270
A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901.
Sophos Hitmanpro.alert
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »