Vulnerabilities > Sophos
| Date | CVE | Title | Description | Score |
|---|---|---|---|---|
| 2021-10-08 | CVE-2021-25270 | Improper Privilege Management vulnerability in Sophos Hitmanpro.Alert 18.104.22.1684/861 | A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901. | 7.2 |
| 2021-10-08 | CVE-2021-25271 | Improper Privilege Management vulnerability in Sophos Hitmanpro 3.7/3.7.20 | A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318. | 3.6 |
| 2021-07-29 | CVE-2021-25273 | Cross-site Scripting vulnerability in Sophos Unified Threat Management | Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706. | 3.5 |
| 2021-05-17 | CVE-2021-25264 | Code Injection vulnerability in Sophos Home and Intercept X | In multiple versions of Sophos Endpoint products for macOS, a local attacker could execute arbitrary code with administrator privileges. | 7.2 |
| 2021-03-22 | CVE-2021-25265 | Unspecified vulnerability in Sophos Connect | A malicious website could execute code remotely in Sophos Connect Client before version 2.1. | 6.8 |
| 2020-12-11 | CVE-2020-29574 | SQL Injection vulnerability in Sophos Cyberoamos | An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely. | 7.5 |
| 2020-09-25 | CVE-2020-25223 | Code Injection vulnerability in Sophos Unified Threat Management | A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11. | 10.0 |
| 2020-08-07 | CVE-2020-17352 | OS Command Injection vulnerability in Sophos XG Firewall Firmware 17.5/18.0 | Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. | 6.5 |
| 2020-07-10 | CVE-2020-15504 | SQL Injection vulnerability in Sophos XG Firewall Firmware 17.0/17.5/18.0 | A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. | 7.5 |
| 2020-06-29 | CVE-2020-15069 | Classic Buffer Overflow vulnerability in Sophos XG Firewall Firmware 17.0/17.5 | Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. | 7.5 |