Filtered by vendor Sophos
Subscribe
Total
160 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1807 | 1 Sophos | 1 Firewall | 2023-12-10 | N/A | 7.2 HIGH |
Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1. | |||||
CVE-2022-0331 | 1 Sophos | 1 Sfos | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older. | |||||
CVE-2021-25266 | 1 Sophos | 2 Authenticator, Intercept X | 2023-12-10 | 2.1 LOW | 3.9 LOW |
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495. | |||||
CVE-2021-36809 | 1 Sophos | 1 Ssl Vpn Client | 2023-12-10 | 3.6 LOW | 6.0 MEDIUM |
A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client. | |||||
CVE-2022-0386 | 1 Sophos | 1 Unified Threat Management | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. | |||||
CVE-2021-25267 | 1 Sophos | 2 Firewall, Firewall Firmware | 2023-12-10 | 8.5 HIGH | 8.4 HIGH |
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA. | |||||
CVE-2021-25268 | 1 Sophos | 2 Firewall, Firewall Firmware | 2023-12-10 | 6.0 MEDIUM | 8.4 HIGH |
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA. | |||||
CVE-2022-1040 | 1 Sophos | 1 Sfos | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. | |||||
CVE-2022-0652 | 1 Sophos | 1 Unified Threat Management | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710. | |||||
CVE-2021-25271 | 1 Sophos | 1 Hitmanpro | 2023-12-10 | 3.6 LOW | 6.0 MEDIUM |
A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318. | |||||
CVE-2021-25270 | 1 Sophos | 1 Hitmanpro.alert | 2023-12-10 | 7.2 HIGH | 6.7 MEDIUM |
A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901. | |||||
CVE-2021-25269 | 1 Sophos | 3 Exploit Prevention, Intercept X Endpoint, Intercept X For Server | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention before version 3.8.3. | |||||
CVE-2021-36808 | 1 Sophos | 1 Sophos Secure Workspace | 2023-12-10 | 4.4 MEDIUM | 7.0 HIGH |
A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115. | |||||
CVE-2021-36807 | 1 Sophos | 1 Unified Threat Management Up2date | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8. | |||||
CVE-2021-25273 | 1 Sophos | 1 Unified Threat Management | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706. | |||||
CVE-2021-25264 | 1 Sophos | 2 Home, Intercept X | 2023-12-10 | 7.2 HIGH | 6.7 MEDIUM |
In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges. | |||||
CVE-2020-25223 | 1 Sophos | 1 Unified Threat Management | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 | |||||
CVE-2020-29574 | 1 Sophos | 1 Cyberoamos | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely. | |||||
CVE-2021-25265 | 2 Microsoft, Sophos | 2 Windows, Connect | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A malicious website could execute code remotely in Sophos Connect Client before version 2.1. | |||||
CVE-2020-15069 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x. |