Sophos vulnerabilities and exploits
VMScore: 614
CVE-2014-2005
Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x prior to 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate malicious users to obtain desktop access by leveraging the absence o...
Sophos Enterprise Console 5.2
Sophos Enterprise Console
Sophos Enterprise Console 5.2.1
Sophos Enterprise Console 5.1
VMScore: 614
CVE-2010-5249
Untrusted search path vulnerability in Sophos Free Encryption 2.40.1.1 and Sophos SafeGuard PrivateCrypto 2.40.1.2 allows local users to gain privileges via a Trojan horse pcrypt0406.dll file in the current working directory, as demonstrated by a directory that contains a .uti fi...
Sophos Free Encryption 2.40.1.1
Sophos Safeguard Privatecrypto 2.40.1.2
VMScore: 614
CVE-2011-5117
Sophos SafeGuard Enterprise Device Encryption 5.x up to and including 5.50.8.13, Sophos SafeGuard Easy Device Encryption Client 5.50.x, and Sophos Disk Encryption 5.50.x have a delay before removal of (1) out-of-date credentials and (2) invalid credentials, which allows physicall...
Sophos Safeguard Enterprise Device Encryption 5.50.8
Sophos Safeguard Enterprise Device Encryption 5.50.0
Sophos Safeguard Enterprise Device Encryption 5.40.0
Sophos Safeguard Enterprise Device Encryption 5.35.3
Sophos Safeguard Enterprise Device Encryption 5.35.2
Sophos Safeguard Enterprise Device Encryption 5.35.1
Sophos Safeguard Enterprise Device Encryption 5.6
Sophos Safeguard Enterprise Device Encryption 5.50.1
Sophos Safeguard Enterprise Device Encryption 5.35.0
Sophos Safeguard Easy Device Encryption Client 5.50.1
Sophos Safeguard Easy Device Encryption Client 5.50.8
Sophos Safeguard Easy Device Encryption Client 5.50.0
Sophos Disk Encryption 5.50.0
Sophos Disk Encryption 5.50.1
Sophos Disk Encryption 5.50.8
VMScore: 614
CVE-2008-1737
Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime Behavioural Analysis is enabled, allows local users to cause a denial of service (reboot with the product disabled) and possibly gain privileges via a zero value in a certain length field in the ObjectAttributes argume...
Sophos Anti-virus 7.0.5
VMScore: 605
CVE-2021-25265
A malicious website could execute code remotely in Sophos Connect Client before version 2.1.
Sophos Connect
VMScore: 605
CVE-2020-9363
The Sophos AV parsing engine prior to 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply t...
Sophos Cloud Optix
Sophos Endpoint Protection
Sophos Intercept X Endpoint
Sophos Intercept X For Server
Sophos Mobile
Sophos Secure Web Gateway
VMScore: 605
CVE-2017-6419
mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote malicious users to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file.
Libmspack Project Libmspack 0.5
VMScore: 605
CVE-2007-4578
Sophos Anti-Virus for Windows and for Unix/Linux prior to 2.48.0 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an "integer cast around". NOTE: as of 20070828, the vend...
Sophos Anti-virus 3.78
Sophos Anti-virus 3.78d
Sophos Anti-virus 3.79
Sophos Anti-virus 3.86
Sophos Anti-virus 3.90
Sophos Anti-virus 4.5.11
Sophos Anti-virus 4.5.12
Sophos Anti-virus 5.0.9
Sophos Small Business Suite 4.04
Sophos Small Business Suite 4.05
Sophos Anti-virus 3.4.6
Sophos Anti-virus 3.84
Sophos Anti-virus 3.85
Sophos Anti-virus 4.04
Sophos Anti-virus 4.05
Sophos Anti-virus 5.0.1
Sophos Anti-virus 5.0.2
Sophos Anti-virus 5.0.4
Sophos Scanning Engine 2.30.4
Sophos Scanning Engine 2.40.2
Sophos Anti-virus 3.82
Sophos Anti-virus 3.83
VMScore: 578
CVE-2022-0386
A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated malicious user to execute code in Sophos UTM before version 9.710.
Sophos Unified Threat Management
VMScore: 578
CVE-2021-36807
An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8.
Sophos Unified Threat Management Up2date