Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sophos vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-1438
The Microsoft Office file parser in Comodo Antivirus 7425 and Sophos Anti-Virus 4.61.0 allows remote malicious users to bypass malware detection via an Office file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additiona...
Comodo Comodo Antivirus 7425
Sophos Sophos Anti-virus 4.61.0
8.8
CVSSv3
CVE-2020-17352
Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated malicious user to remotely execute arbitrary code.
Sophos Xg Firewall Firmware 17.5
Sophos Xg Firewall Firmware 18.0
6.1
CVSSv3
CVE-2022-4901
Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim.
Sophos Connect
1 Github repository
8.4
CVSSv3
CVE-2021-25267
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA.
Sophos Firewall Firmware
7.8
CVSSv3
CVE-2020-9540
Sophos HitmanPro.Alert before build 861 allows local elevation of privilege.
Sophos Hitmanpro.alert
9.8
CVSSv3
CVE-2022-1040
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote malicious user to execute code in Sophos Firewall version v18.5 MR3 and older.
Sophos Sfos
7 Github repositories
2 Articles
6.1
CVSSv3
CVE-2016-6217
Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX prior to 6.3.2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Sophos Puremessage
9.8
CVSSv3
CVE-2020-29574
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated malicious users to execute arbitrary SQL statements remotely.
Sophos Cyberoamos
7.8
CVSSv3
CVE-2017-7441
In Sophos SurfRight HitmanPro prior to 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak som...
Sophos Hitmanpro
9.8
CVSSv3
CVE-2022-3980
An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4.
Sophos Mobile
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »