Vulnerabilities > Sophos > XG Firewall Firmware > Critical

| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2020-07-10 | CVE-2020-15504 | SQL Injection vulnerability in Sophos XG Firewall Firmware 17.0/17.5/18.0. A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. | critical 9.8 (network, low complexity, sophos, CWE-89) |
| 2020-06-29 | CVE-2020-15069 | Classic Buffer Overflow vulnerability in Sophos XG Firewall Firmware 17.0/17.5. Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. | critical 9.8 (network, low complexity, sophos, CWE-120) |