Sophos vulnerabilities and exploits
534
VMScore
CVE-2021-25268
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA.
Sophos Firewall Firmware
187
VMScore
CVE-2021-25266
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.
Sophos Intercept X
Sophos Authenticator
445
VMScore
CVE-2022-0331
An information disclosure vulnerability in Webadmin allows an unauthenticated remote malicious user to read the device serial number in Sophos Firewall version v18.5 MR2 and older.
Sophos Sfos
670
VMScore
CVE-2022-1040
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote malicious user to execute code in Sophos Firewall version v18.5 MR3 and older.
Sophos Sfos
7 Github repositories
2 Articles
187
VMScore
CVE-2022-0652
Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local malicious user to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710.
Sophos Unified Threat Management
578
VMScore
CVE-2022-0386
A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated malicious user to execute code in Sophos UTM before version 9.710.
Sophos Unified Threat Management
320
VMScore
CVE-2021-36809
A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client.
Sophos Ssl Vpn Client -
578
VMScore
CVE-2021-36807
An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8.
Sophos Unified Threat Management Up2date
187
VMScore
CVE-2021-25269
A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Explo...
Sophos Exploit Prevention
Sophos Intercept X Endpoint
Sophos Intercept X For Server
392
VMScore
CVE-2021-36808
A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115.
Sophos Sophos Secure Workspace
1 Github repository