Vulnerabilities > Sophos

DATE CVE VULNERABILITY TITLE RISK
2020-12-11 CVE-2020-29574 SQL Injection vulnerability in Sophos Cyberoamos
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.
network
low complexity
sophos CWE-89
7.5
2020-09-25 CVE-2020-25223 Code Injection vulnerability in Sophos United Threat Management
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
network
low complexity
sophos CWE-94
critical
10.0
2020-08-07 CVE-2020-17352 OS Command Injection vulnerability in Sophos XG Firewall Firmware 17.5/18.0
Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.
network
low complexity
sophos CWE-78
6.5
2020-07-10 CVE-2020-15504 SQL Injection vulnerability in Sophos XG Firewall Firmware 17.0/17.5/18.0
A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely.
network
low complexity
sophos CWE-89
7.5
2020-06-29 CVE-2020-15069 Classic Buffer Overflow vulnerability in Sophos XG Firewall Firmware 17.0/17.5
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access.
network
low complexity
sophos CWE-120
7.5
2020-06-22 CVE-2020-14980 Improper Certificate Validation vulnerability in Sophos Secure Email 3.9.4
The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation.
network
sophos CWE-295
4.3
2020-06-18 CVE-2020-11503 Out-Of-Bounds Write vulnerability in Sophos Sfos 17.0/17.1/17.5
A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely.
network
low complexity
sophos CWE-787
7.5
2020-04-27 CVE-2020-12271 SQL Injection vulnerability in Sophos Sfos
A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020.
network
low complexity
sophos CWE-89
7.5
2020-04-17 CVE-2020-10947 Improper Privilege Management vulnerability in Sophos products
Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation.
network
low complexity
sophos CWE-269
6.5
2020-03-02 CVE-2020-9540 Improper Privilege Management vulnerability in Sophos Hitmanpro.Alert 3.7.6.744
Sophos HitmanPro.Alert before build 861 allows local elevation of privilege.
local
low complexity
sophos CWE-269
4.6