Vulnerabilities > Sophos
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-17 | CVE-2021-25264 | Unspecified vulnerability in Sophos Home and Intercept X. In multiple versions of Sophos Endpoint products for macOS, a local attacker could execute arbitrary code with administrator privileges. | 7.2 |
2021-03-22 | CVE-2021-25265 | Unspecified vulnerability in Sophos Connect. A malicious website could execute code remotely in Sophos Connect Client before version 2.1. | 6.8 |
2020-12-11 | CVE-2020-29574 | SQL Injection vulnerability in Sophos Cyberoamos. An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely. | 7.5 |
2020-09-25 | CVE-2020-25223 | OS Command Injection vulnerability in Sophos Unified Threat Management. A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11. | 9.8 |
2020-08-07 | CVE-2020-17352 | OS Command Injection vulnerability in Sophos XG Firewall Firmware 17.5/18.0. Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. | 6.5 |
2020-07-10 | CVE-2020-15504 | SQL Injection vulnerability in Sophos XG Firewall Firmware 17.0/17.5/18.0. A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. | 7.5 |
2020-06-29 | CVE-2020-15069 | Classic Buffer Overflow vulnerability in Sophos XG Firewall Firmware 17.0/17.5. Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. | 7.5 |
2020-06-22 | CVE-2020-14980 | Improper Certificate Validation vulnerability in Sophos Secure Email 3.9.4. The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation. | 5.9 |
2020-06-18 | CVE-2020-11503 | Out-of-bounds Write vulnerability in Sophos Sfos 17.0/17.1/17.5. A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely. | 7.5 |
2020-04-27 | CVE-2020-12271 | SQL Injection vulnerability in Sophos Sfos. A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. | 9.8 |