Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sophos vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-14980
The Sophos Secure Email application up to and including 3.9.4 for Android has Missing SSL Certificate Validation.
Sophos Sophos Secure Email
9.3
CVSSv2
CVE-2018-6318
In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its...
Sophos Sophos Tester 3.2.0.7
4.9
CVSSv2
CVE-2018-6319
In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. This argument is a memory address: if a caller passes a NULL pointer or a random invalid address, the driver will cause a Blue Screen of Death. If a program...
Sophos Sophos Tester 3.2.0.7
4.4
CVSSv2
CVE-2021-36808
A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115.
Sophos Sophos Secure Workspace
1 Github repository
5.1
CVSSv2
CVE-2005-3216
Multiple interpretation error in unspecified versions of Sophos Antivirus allows remote malicious users to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Win...
Sophos Sophos Anti-virus
4.3
CVSSv2
CVE-2016-3968
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35iNG UTM appliance with firmware 10.6.2 Build 378 allow remote malicious users to i...
Sophos Cyberoam Cr100ing Utm Firmware 10.6.3 Mr-1 Build 503
Sophos Cyberoam Cr35ing Utm Firmware 10.6.2 Mr-1 Build 383
Sophos Cyberoam Cr35ing Utm Firmware 10.6.2 Build 378
10
CVSSv2
CVE-2020-25223
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
Sophos Unified Threat Management
Sophos Unified Threat Management 9.511
Sophos Unified Threat Management 9.607
Sophos Unified Threat Management 9.705
3 Github repositories
2.1
CVSSv2
CVE-2021-25269
A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Explo...
Sophos Exploit Prevention
Sophos Intercept X Endpoint
Sophos Intercept X For Server
5
CVSSv2
CVE-2006-4839
Sophos Anti-Virus 5.1 allows remote malicious users to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections.
Sophos Sophos Anti-virus 5.1
2.1
CVSSv2
CVE-2021-25266
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.
Sophos Intercept X
Sophos Authenticator
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hard-coded
CVE-2024-27202
NULL pointer dereference
CVE-2024-28075
CVE-2024-33608
CVE-2024-28889
CVE-2024-34572
template injection
CVE-2024-34351
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »