Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sophos vulnerabilities and exploits
(subscribe to this query)
2.7
CVSSv3
CVE-2022-3710
A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA.
Sophos Xg Firewall Firmware
4.3
CVSSv3
CVE-2022-3711
A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA.
Sophos Xg Firewall Firmware
8.8
CVSSv3
CVE-2022-3713
A code injection vulnerability allows adjacent malicious users to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA.
Sophos Xg Firewall Firmware
6.1
CVSSv3
CVE-2023-33335
Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was December 31st 2020) in grpname parameter that allows arbitrary script to be executed.
Sophos Iview -
6.1
CVSSv3
CVE-2016-6217
Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX prior to 6.3.2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Sophos Puremessage
5.3
CVSSv3
CVE-2022-0331
An information disclosure vulnerability in Webadmin allows an unauthenticated remote malicious user to read the device serial number in Sophos Firewall version v18.5 MR2 and older.
Sophos Sfos
9.8
CVSSv3
CVE-2022-3980
An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4.
Sophos Mobile
9.8
CVSSv3
CVE-2022-3236
A code injection vulnerability in the User Portal and Webadmin allows a remote malicious user to execute code in Sophos Firewall version v19.0 MR1 and older.
Sophos Firewall
2 Articles
6.1
CVSSv3
CVE-2016-9834
An XSS vulnerability allows remote malicious users to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware up to and including 10.6.4. User interaction is required to exploit this vulnerability in that the target must ...
Sophos Cyberoam Firmware
1 EDB exploit
NA
CVE-2012-1428
The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote malicious users to bypass malware detection via a POSIX TAR file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be...
Cat Quick Heal 11.00
Norman Norman Antivirus \\& Antispyware 6.06.12
Sophos Sophos Anti-virus 4.61.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »