Vulnerabilities > Sophos > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-26 | CVE-2021-36807 | SQL Injection vulnerability in Sophos Unified Threat Management Up2Date An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8. | 6.5 |
| 2021-10-30 | CVE-2021-36808 | Race Condition vulnerability in Sophos Secure Workspace A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115. | 4.4 |
| 2021-03-22 | CVE-2021-25265 | Unspecified vulnerability in Sophos Connect A malicious website could execute code remotely in Sophos Connect Client before version 2.1. network sophos | 6.8 |
| 2020-08-07 | CVE-2020-17352 | OS Command Injection vulnerability in Sophos XG Firewall Firmware 17.5/18.0 Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. | 6.5 |
| 2020-06-22 | CVE-2020-14980 | Improper Certificate Validation vulnerability in Sophos Secure Email 3.9.4 The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation. | 5.9 |
| 2020-04-17 | CVE-2020-10947 | Improper Privilege Management vulnerability in Sophos products Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation. | 6.5 |
| 2020-03-02 | CVE-2020-9540 | Improper Privilege Management vulnerability in Sophos Hitmanpro.Alert 3.7.6.744 Sophos HitmanPro.Alert before build 861 allows local elevation of privilege. | 4.6 |
| 2020-02-24 | CVE-2020-9363 | Interpretation Conflict vulnerability in Sophos products The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. | 6.8 |
| 2019-06-20 | CVE-2018-16116 | SQL Injection vulnerability in Sophos Sfos 17.0.8 SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter. | 6.5 |
| 2018-10-25 | CVE-2018-3970 | Use of Uninitialized Resource vulnerability in Sophos Hitmanpro.Alert 3.7.6.744 An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. | 5.5 |