Vulnerabilities > Sophos > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-04 | CVE-2023-1671 | Command Injection vulnerability in Sophos web Appliance A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. | 9.8 |
| 2022-11-16 | CVE-2022-3980 | XXE vulnerability in Sophos Mobile 5.0.0/9.7.3/9.7.4 An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4. | 9.8 |
| 2022-09-23 | CVE-2022-3236 | Code Injection vulnerability in Sophos Firewall 19.0.1 A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. | 9.8 |
| 2022-03-25 | CVE-2022-1040 | Unspecified vulnerability in Sophos Sfos An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. | 9.8 |
| 2020-12-11 | CVE-2020-29574 | SQL Injection vulnerability in Sophos Cyberoamos An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely. | 9.8 |
| 2020-09-25 | CVE-2020-25223 | OS Command Injection vulnerability in Sophos Unified Threat Management A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 | 9.8 |
| 2020-07-10 | CVE-2020-15504 | SQL Injection vulnerability in Sophos XG Firewall Firmware 17.0/17.5/18.0 A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. | 9.8 |
| 2020-06-29 | CVE-2020-15069 | Classic Buffer Overflow vulnerability in Sophos XG Firewall Firmware 17.0/17.5 Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. | 9.8 |
| 2020-06-18 | CVE-2020-11503 | Out-of-bounds Write vulnerability in Sophos Sfos A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely. | 9.8 |
| 2020-04-27 | CVE-2020-12271 | SQL Injection vulnerability in Sophos Sfos A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. | 9.8 |