Vulnerabilities > Sophos > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-22 | CVE-2022-0652 | Incorrect Permission Assignment for Critical Resource vulnerability in Sophos Unified Threat Management Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. | 7.8 |
| 2021-11-26 | CVE-2021-36807 | SQL Injection vulnerability in Sophos Unified Threat Management Up2Date An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8. | 8.8 |
| 2021-10-30 | CVE-2021-36808 | Race Condition vulnerability in Sophos Secure Workspace A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115. | 7.0 |
| 2021-03-22 | CVE-2021-25265 | Unspecified vulnerability in Sophos Connect A malicious website could execute code remotely in Sophos Connect Client before version 2.1. | 8.8 |
| 2020-08-07 | CVE-2020-17352 | OS Command Injection vulnerability in Sophos XG Firewall Firmware 17.5/18.0 Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. | 8.8 |
| 2020-04-17 | CVE-2020-10947 | Link Following vulnerability in Sophos products Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation. | 8.8 |
| 2020-03-02 | CVE-2020-9540 | Unspecified vulnerability in Sophos Hitmanpro.Alert 3.7.6.744 Sophos HitmanPro.Alert before build 861 allows local elevation of privilege. | 7.8 |
| 2020-02-24 | CVE-2020-9363 | Interpretation Conflict vulnerability in Sophos products The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. | 7.8 |
| 2019-06-20 | CVE-2018-16118 | OS Command Injection vulnerability in Sophos Sfos A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header. | 8.1 |
| 2019-06-20 | CVE-2018-16117 | OS Command Injection vulnerability in Sophos Sfos A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter. | 8.8 |