Vulnerabilities > Sophos > Sfos > 17.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-29 | CVE-2022-0331 | Unspecified vulnerability in Sophos Sfos An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older. | 5.3 |
| 2022-03-25 | CVE-2022-1040 | Unspecified vulnerability in Sophos Sfos An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. | 9.8 |
| 2020-06-18 | CVE-2020-11503 | Out-of-bounds Write vulnerability in Sophos Sfos A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely. | 9.8 |
| 2020-04-27 | CVE-2020-12271 | SQL Injection vulnerability in Sophos Sfos A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. | 9.8 |
| 2019-06-20 | CVE-2018-16118 | OS Command Injection vulnerability in Sophos Sfos A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header. | 8.1 |
| 2019-06-20 | CVE-2018-16117 | OS Command Injection vulnerability in Sophos Sfos A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter. | 8.8 |