Vulnerabilities > Sophos
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-17 | CVE-2020-10947 | Improper Privilege Management vulnerability in Sophos products Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation. | 6.5 |
| 2020-03-02 | CVE-2020-9540 | Improper Privilege Management vulnerability in Sophos Hitmanpro.Alert 3.7.6.744 Sophos HitmanPro.Alert before build 861 allows local elevation of privilege. | 4.6 |
| 2020-02-24 | CVE-2020-9363 | Interpretation Conflict vulnerability in Sophos products The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. | 6.8 |
| 2019-10-11 | CVE-2019-17059 | OS Command Injection vulnerability in Sophos Cyberoamos A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles. | 10.0 |
| 2019-06-20 | CVE-2018-16118 | OS Command Injection vulnerability in Sophos Sfos A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header. | 9.3 |
| 2019-06-20 | CVE-2018-16117 | OS Command Injection vulnerability in Sophos Sfos 17.1 A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter. | 9.0 |
| 2019-06-20 | CVE-2018-16116 | SQL Injection vulnerability in Sophos Sfos 17.0.8 SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter. | 6.5 |
| 2019-04-09 | CVE-2017-17023 | Insufficient Verification of Data Authenticity vulnerability in multiple products The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). | 9.3 |
| 2018-10-25 | CVE-2018-3971 | Write-what-where Condition vulnerability in Sophos Hitmanpro.Alert 3.7.6.744 An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. | 7.8 |
| 2018-10-25 | CVE-2018-3970 | Use of Uninitialized Resource vulnerability in Sophos Hitmanpro.Alert 3.7.6.744 An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. | 5.5 |