sophos vulnerabilities and exploits
5
CVSSv2
CVE-2022-0331
An information disclosure vulnerability in Webadmin allows an unauthenticated remote malicious user to read the device serial number in Sophos Firewall version v18.5 MR2 and older.
Sophos Sfos
NA
CVE-2022-3980
An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4.
Sophos Mobile
NA
CVE-2022-3696
A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA.
Sophos Xg Firewall Firmware
NA
CVE-2022-3711
A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA.
Sophos Xg Firewall Firmware
NA
CVE-2022-3713
A code injection vulnerability allows adjacent malicious users to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA.
Sophos Xg Firewall Firmware
7.5
CVSSv2
CVE-2022-1040
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote malicious user to execute code in Sophos Firewall version v18.5 MR3 and older.
Sophos Sfos
7 Github repositories
2 Articles
NA
CVE-2022-48309
A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90.
Sophos Connect
1 Github repository
NA
CVE-2022-48310
An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90.
Sophos Connect
1 Github repository
4.9
CVSSv2
CVE-2017-6007
A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro prior to 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to crash the OS via a malformed IOCTL call.
Sophos Hitmanpro
4.6
CVSSv2
CVE-2017-6008
A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro prior to 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate privileges via a malformed IOCTL call.
Sophos Hitmanpro
1 EDB exploit
2 Github repositories