Vulnerabilities > Sophos

DATE CVE VULNERABILITY TITLE RISK
2021-10-08 CVE-2021-25270 Improper Privilege Management vulnerability in Sophos Hitmanpro.Alert 3.7.6.744/861
A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901.
local
low complexity
sophos CWE-269
7.2
2021-10-08 CVE-2021-25271 Improper Privilege Management vulnerability in Sophos Hitmanpro 3.7/3.7.20
A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318.
local
low complexity
sophos CWE-269
3.6
2021-07-29 CVE-2021-25273 Cross-site Scripting vulnerability in Sophos Unified Threat Management
Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.
network
sophos CWE-79
3.5
2021-05-17 CVE-2021-25264 Code Injection vulnerability in Sophos Home and Intercept X
In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges.
local
low complexity
sophos CWE-94
7.2
2021-03-22 CVE-2021-25265 Unspecified vulnerability in Sophos Connect
A malicious website could execute code remotely in Sophos Connect Client before version 2.1.
network
sophos
6.8
2020-12-11 CVE-2020-29574 SQL Injection vulnerability in Sophos Cyberoamos
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.
network
low complexity
sophos CWE-89
7.5
2020-09-25 CVE-2020-25223 Code Injection vulnerability in Sophos United Threat Management
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
network
low complexity
sophos CWE-94
critical
10.0
2020-08-07 CVE-2020-17352 OS Command Injection vulnerability in Sophos XG Firewall Firmware 17.5/18.0
Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.
network
low complexity
sophos CWE-78
6.5
2020-07-10 CVE-2020-15504 SQL Injection vulnerability in Sophos XG Firewall Firmware 17.0/17.5/18.0
A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely.
network
low complexity
sophos CWE-89
7.5
2020-06-29 CVE-2020-15069 Classic Buffer Overflow vulnerability in Sophos XG Firewall Firmware 17.0/17.5
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access.
network
low complexity
sophos CWE-120
7.5