Filtered by vendor Sophos
Total: 153 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2023-1671 | 1 Sophos | 1 Web Appliance | 2024-06-17 | N/A | 9.8 CRITICAL | A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. |
CVE-2010-5177 | 2 Microsoft, Sophos | 2 Windows Xp, Sophos Endpoint Security And Control | 2024-05-17 | 6.2 MEDIUM | N/A | ** DISPUTED ** Race condition in Sophos Endpoint Security and Control 9.0.5 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: the vendor disputes this issue because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. |
CVE-2004-2252 | 1 Sophos | 1 Astaro Security Linux | 2024-02-13 | 5.0 MEDIUM | N/A | The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks. |
CVE-2021-36806 | 1 Sophos | 1 Email Appliance | 2024-02-05 | N/A | 6.1 MEDIUM | A reflected XSS vulnerability allows an open redirect when the victim clicks a malicious link to an error page on Sophos Email Appliance older than version 4.5.3.4. |
CVE-2023-33335 | 1 Sophos | 1 Iview | 2024-02-04 | N/A | 6.1 MEDIUM | Cross-site scripting (XSS) in Sophos iView (EOL was December 31st 2020) in the grpname parameter allows arbitrary script to be executed. |
CVE-2023-33336 | 1 Sophos | 1 Web Appliance | 2024-02-04 | N/A | 4.8 MEDIUM | A reflected cross-site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows arbitrary code to be input via double quotes. |
CVE-2022-3711 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2024-02-04 | N/A | 4.3 MEDIUM | A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall older than version 19.5 GA. |
CVE-2022-48310 | 1 Sophos | 1 Connect | 2024-02-04 | N/A | 5.5 MEDIUM | An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90. |
CVE-2022-4901 | 1 Sophos | 1 Connect | 2024-02-04 | N/A | 6.1 MEDIUM | Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow JavaScript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim. |
CVE-2022-3709 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2024-02-04 | N/A | 8.4 HIGH | A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall older than version 19.5 GA. |
CVE-2022-48309 | 1 Sophos | 1 Connect | 2024-02-04 | N/A | 4.3 MEDIUM | A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90. |
CVE-2022-3710 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2024-02-04 | N/A | 2.7 LOW | A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall older than version 19.5 GA. |
CVE-2022-3236 | 1 Sophos | 1 Firewall | 2024-02-04 | N/A | 9.8 CRITICAL | A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. |
CVE-2022-1807 | 1 Sophos | 1 Firewall | 2024-02-04 | N/A | 7.2 HIGH | Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1. |
CVE-2021-36809 | 1 Sophos | 1 Ssl Vpn Client | 2024-02-04 | 3.6 LOW | 6.0 MEDIUM | A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client. |
CVE-2021-25268 | 1 Sophos | 2 Firewall, Firewall Firmware | 2024-02-04 | 6.0 MEDIUM | 8.4 HIGH | Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA. |
CVE-2022-0652 | 1 Sophos | 1 Unified Threat Management | 2024-02-04 | 2.1 LOW | 7.8 HIGH | Confd log files contain local users', including root's, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt offline brute-force attacks against these password hashes in Sophos UTM before version 9.710. |
CVE-2022-0386 | 1 Sophos | 1 Unified Threat Management | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH | A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. |
CVE-2021-25267 | 1 Sophos | 2 Firewall, Firewall Firmware | 2024-02-04 | 8.5 HIGH | 8.4 HIGH | Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA. |
CVE-2021-25266 | 1 Sophos | 2 Authenticator, Intercept X | 2024-02-04 | 2.1 LOW | 3.9 LOW | An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495. |