Vulnerabilities > Sophos
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-08 | CVE-2021-25270 | Unspecified vulnerability in Sophos Hitmanpro.Alert 3.7.6.744/861 A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901. | 6.7 |
| 2021-10-08 | CVE-2021-25271 | Unspecified vulnerability in Sophos Hitmanpro 3.7/3.7.20 A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318. | 6.0 |
| 2021-07-29 | CVE-2021-25273 | Cross-site Scripting vulnerability in Sophos Unified Threat Management Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706. | 4.8 |
| 2021-05-17 | CVE-2021-25264 | Unspecified vulnerability in Sophos Home and Intercept X In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges. | 6.7 |
| 2021-03-22 | CVE-2021-25265 | Unspecified vulnerability in Sophos Connect A malicious website could execute code remotely in Sophos Connect Client before version 2.1. | 8.8 |
| 2020-12-11 | CVE-2020-29574 | SQL Injection vulnerability in Sophos Cyberoamos An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely. | 9.8 |
| 2020-09-25 | CVE-2020-25223 | OS Command Injection vulnerability in Sophos Unified Threat Management A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 | 9.8 |
| 2020-08-07 | CVE-2020-17352 | OS Command Injection vulnerability in Sophos XG Firewall Firmware 17.5/18.0 Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. | 8.8 |
| 2020-07-10 | CVE-2020-15504 | SQL Injection vulnerability in Sophos XG Firewall Firmware 17.0/17.5/18.0 A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. | 9.8 |
| 2020-06-29 | CVE-2020-15069 | Classic Buffer Overflow vulnerability in Sophos XG Firewall Firmware 17.0/17.5 Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. | 9.8 |