Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sophos vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-1438
The Microsoft Office file parser in Comodo Antivirus 7425 and Sophos Anti-Virus 4.61.0 allows remote malicious users to bypass malware detection via an Office file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additiona...
Comodo Comodo Antivirus 7425
Sophos Sophos Anti-virus 4.61.0
8.8
CVSSv3
CVE-2020-17352
Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated malicious user to remotely execute arbitrary code.
Sophos Xg Firewall Firmware 17.5
Sophos Xg Firewall Firmware 18.0
8.4
CVSSv3
CVE-2022-3709
A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA.
Sophos Xg Firewall Firmware
2.7
CVSSv3
CVE-2022-3710
A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA.
Sophos Xg Firewall Firmware
6.1
CVSSv3
CVE-2016-6217
Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX prior to 6.3.2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Sophos Puremessage
7.2
CVSSv3
CVE-2022-3226
An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA.
Sophos Xg Firewall Firmware
6
CVSSv3
CVE-2021-25271
A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318.
Sophos Hitmanpro
6.1
CVSSv3
CVE-2023-33335
Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was December 31st 2020) in grpname parameter that allows arbitrary script to be executed.
Sophos Iview -
7.8
CVSSv3
CVE-2017-7441
In Sophos SurfRight HitmanPro prior to 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak som...
Sophos Hitmanpro
7.8
CVSSv3
CVE-2020-9540
Sophos HitmanPro.Alert before build 861 allows local elevation of privilege.
Sophos Hitmanpro.alert
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »