Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sfos vulnerabilities and exploits
(subscribe to this query)
828
VMScore
CVE-2018-16118
A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote malicious users to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header.
Sophos Sfos 17.0
Sophos Sfos 17.0.8
Sophos Sfos 17.1
Sophos Sfos
Sophos Sfos 16.5
668
VMScore
CVE-2020-12271
A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 prior to 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone...
Sophos Sfos 17.1
Sophos Sfos 17.0
Sophos Sfos 18.0
Sophos Sfos 17.5
668
VMScore
CVE-2020-11503
A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an malicious user to run arbitrary code remotely.
Sophos Sfos
Sophos Sfos 17.5
801
VMScore
CVE-2018-16117
A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated malicious users to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter.
Sophos Sfos
Sophos Sfos 17.1
383
VMScore
CVE-2017-18014
An NC-25986 issue exists in the Logging subsystem of Sophos XG Firewall with SFOS prior to 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page (Control Center -> Log Viewer -> in the filter option "Web Server Protect...
Sophos Sfos
Sophos Sfos 17.0
445
VMScore
CVE-2022-0331
An information disclosure vulnerability in Webadmin allows an unauthenticated remote malicious user to read the device serial number in Sophos Firewall version v18.5 MR2 and older.
Sophos Sfos
670
VMScore
CVE-2022-1040
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote malicious user to execute code in Sophos Firewall version v18.5 MR3 and older.
Sophos Sfos
7 Github repositories
2 Articles
578
VMScore
CVE-2018-16116
SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated malicious users to execute arbitrary SQL commands via the "username" GET parameter.
Sophos Sfos 17.0.8
534
VMScore
CVE-2021-25268
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA.
Sophos Firewall Firmware
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started