Vulnerabilities > Sophos
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-22 | CVE-2020-14980 | Improper Certificate Validation vulnerability in Sophos Secure Email 3.9.4: The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation. | 5.9 |
2020-06-18 | CVE-2020-11503 | Out-of-bounds Write vulnerability in Sophos Sfos: A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely. | 9.8 |
2020-04-27 | CVE-2020-12271 | SQL Injection vulnerability in Sophos Sfos: A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. | 9.8 |
2020-04-17 | CVE-2020-10947 | Link Following vulnerability in Sophos products: Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation. | 8.8 |
2020-03-02 | CVE-2020-9540 | Unspecified vulnerability in Sophos Hitmanpro.Alert 3.7.6.744: Sophos HitmanPro.Alert before build 861 allows local elevation of privilege. | 7.8 |
2020-02-24 | CVE-2020-9363 | Interpretation Conflict vulnerability in Sophos products: The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. | 7.8 |
2019-10-11 | CVE-2019-17059 | OS Command Injection vulnerability in Sophos Cyberoamos: A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles. | 9.8 |
2019-06-20 | CVE-2018-16118 | OS Command Injection vulnerability in Sophos Sfos: A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the "X-Forwarded-for" HTTP header. | 8.1 |
2019-06-20 | CVE-2018-16117 | OS Command Injection vulnerability in Sophos Sfos: A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allows remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter. | 8.8 |
2019-06-20 | CVE-2018-16116 | SQL Injection vulnerability in Sophos Sfos 17.0.8: SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allows remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter. | 8.8 |