Filtered by vendor Sophos
Subscriptions
Total
161 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3709 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2024-11-21 | 6.8 Medium |
| A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA. | ||||
| CVE-2022-3696 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2024-11-21 | 7.2 High |
| A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA. | ||||
| CVE-2022-3226 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2024-11-21 | 7.2 High |
| An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA. | ||||
| CVE-2022-1807 | 1 Sophos | 1 Firewall | 2024-11-21 | 7.2 High |
| Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1. | ||||
| CVE-2022-0652 | 1 Sophos | 1 Unified Threat Management | 2024-11-21 | 3.3 Low |
| Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710. | ||||
| CVE-2022-0386 | 1 Sophos | 1 Unified Threat Management | 2024-11-21 | 8.8 High |
| A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. | ||||
| CVE-2022-0331 | 1 Sophos | 1 Sfos | 2024-11-21 | 5.3 Medium |
| An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older. | ||||
| CVE-2021-36809 | 1 Sophos | 1 Ssl Vpn Client | 2024-11-21 | 6.1 Medium |
| A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client. | ||||
| CVE-2021-36808 | 1 Sophos | 1 Sophos Secure Workspace | 2024-11-21 | 5.9 Medium |
| A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115. | ||||
| CVE-2021-36807 | 1 Sophos | 1 Unified Threat Management Up2date | 2024-11-21 | 8.8 High |
| An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8. | ||||
| CVE-2021-25273 | 1 Sophos | 1 Unified Threat Management | 2024-11-21 | 4.8 Medium |
| Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706. | ||||
| CVE-2021-25271 | 1 Sophos | 1 Hitmanpro | 2024-11-21 | 6.0 Medium |
| A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318. | ||||
| CVE-2021-25270 | 1 Sophos | 1 Hitmanpro.alert | 2024-11-21 | 6.7 Medium |
| A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901. | ||||
| CVE-2021-25269 | 1 Sophos | 3 Exploit Prevention, Intercept X Endpoint, Intercept X For Server | 2024-11-21 | 4.4 Medium |
| A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention before version 3.8.3. | ||||
| CVE-2021-25268 | 1 Sophos | 2 Firewall, Firewall Firmware | 2024-11-21 | 8.4 High |
| Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA. | ||||
| CVE-2021-25267 | 1 Sophos | 2 Firewall, Firewall Firmware | 2024-11-21 | 6.8 Medium |
| Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA. | ||||
| CVE-2021-25266 | 1 Sophos | 2 Authenticator, Intercept X | 2024-11-21 | 3.9 Low |
| An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495. | ||||
| CVE-2021-25265 | 2 Microsoft, Sophos | 2 Windows, Connect | 2024-11-21 | 8.8 High |
| A malicious website could execute code remotely in Sophos Connect Client before version 2.1. | ||||
| CVE-2021-25264 | 1 Sophos | 2 Home, Intercept X | 2024-11-21 | 6.7 Medium |
| In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges. | ||||
| CVE-2020-9540 | 1 Sophos | 1 Hitmanpro.alert | 2024-11-21 | 7.8 High |
| Sophos HitmanPro.Alert before build 861 allows local elevation of privilege. | ||||