Filtered by vendor Sophos
Subscribe
Search
Total
12 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1040 | 1 Sophos | 1 Sfos | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. | |||||
| CVE-2022-3236 | 1 Sophos | 1 Firewall | 2023-08-08 | N/A | 9.8 CRITICAL |
| A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. | |||||
| CVE-2020-25223 | 1 Sophos | 1 Unified Threat Management | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 | |||||
| CVE-2020-12271 | 1 Sophos | 2 Sfos, Xg Firewall | 2022-07-10 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords) | |||||
| CVE-2020-29574 | 1 Sophos | 1 Cyberoamos | 2020-12-14 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely. | |||||
| CVE-2019-17059 | 1 Sophos | 2 Cyberoam, Cyberoamos | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles. | |||||
| CVE-2020-15069 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2020-07-16 | 7.5 HIGH | 9.8 CRITICAL |
| Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x. | |||||
| CVE-2020-15504 | 1 Sophos | 1 Xg Firewall Firmware | 2020-07-14 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions >= 17.0 have received a hotfix. | |||||
| CVE-2020-11503 | 1 Sophos | 2 Sfos, Xg Firewall | 2020-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely. | |||||
| CVE-2017-6182 | 1 Sophos | 1 Web Appliance | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304. | |||||
| CVE-2012-6706 | 2 Rarlab, Sophos | 2 Unrar, Threat Detection Engine | 2018-10-21 | 10.0 HIGH | 9.8 CRITICAL |
| A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the "DestPos" variable, which allows the attacker to write out of bounds when setting Mem[DestPos]. | |||||
| CVE-2017-6315 | 1 Sophos | 2 Astaro Security Gateway, Astaro Security Gateway Firmware | 2017-09-27 | 10.0 HIGH | 9.8 CRITICAL |
| Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx. | |||||