Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sophos vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-3236
A code injection vulnerability in the User Portal and Webadmin allows a remote malicious user to execute code in Sophos Firewall version v19.0 MR1 and older.
Sophos Firewall
2 Articles
7.2
CVSSv3
CVE-2022-3226
An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA.
Sophos Xg Firewall Firmware
7.5
CVSSv3
CVE-2023-5552
A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”.
Sophos Firewall
6.1
CVSSv3
CVE-2023-33335
Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was December 31st 2020) in grpname parameter that allows arbitrary script to be executed.
Sophos Iview -
5.5
CVSSv3
CVE-2017-6007
A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro prior to 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to crash the OS via a malformed IOCTL call.
Sophos Hitmanpro
7.8
CVSSv3
CVE-2017-6008
A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro prior to 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate privileges via a malformed IOCTL call.
Sophos Hitmanpro
1 EDB exploit
2 Github repositories
6.1
CVSSv3
CVE-2016-9834
An XSS vulnerability allows remote malicious users to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware up to and including 10.6.4. User interaction is required to exploit this vulnerability in that the target must ...
Sophos Cyberoam Firmware
1 EDB exploit
4.3
CVSSv3
CVE-2022-48309
A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90.
Sophos Connect
1 Github repository
5.5
CVSSv3
CVE-2022-48310
An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90.
Sophos Connect
1 Github repository
8.8
CVSSv3
CVE-2021-25265
A malicious website could execute code remotely in Sophos Connect Client before version 2.1.
Sophos Connect
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »