sophos
173 tracked vulnerabilities.
CVE-2022-3709
MEDIUM
Sophos XG Firewall Firmware < 19.0 - Stored Cross-Site Scripting in Webadmin Import Group Wizard
Dec 01, 2022
CVSS 6.8
EPSS 0.00
CVE-2022-3696
HIGH
Sophos XG Firewall Firmware < 19.0 - Authenticated Code Injection in Webadmin
Dec 01, 2022
CVSS 7.2
EPSS 0.00
CVE-2022-3226
HIGH
Sophos Firewall <19.5 GA - Command Injection
Dec 01, 2022
CVSS 7.2
EPSS 0.00
CVE-2022-3980
CRITICAL
NUCLEI
Sophos Mobile 5.0.0-9.7.4 - XML External Entity Injection
Nov 16, 2022
CVSS 9.8
EPSS 0.86
CVE-2022-3236
CRITICAL
KEV NUCLEI
Sophos Firewall <19.0 MR1 - Code Injection
Sep 23, 2022
CVSS 9.8
EPSS 0.93
CVE-2022-1807
HIGH
Sophos Firewall < 18.5 - SQL Injection in Webadmin
Sep 07, 2022
CVSS 7.2
EPSS 0.00
CVE-2022-0331
MEDIUM
Sophos Firewall <v18.5 MR2 - Info Disclosure
Mar 29, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-1040
CRITICAL
KEV NUCLEI
Sophos Firewall < 18.5.3 - Unauthenticated Remote Code Execution
Mar 25, 2022
CVSS 9.8
EPSS 0.94
CVE-2022-0652
LOW
Sophos UTM <9.710 - Info Disclosure
Mar 22, 2022
CVSS 3.3
EPSS 0.00
CVE-2022-0386
HIGH
Sophos Unified Threat Management < 9.710 - Authenticated SQL Injection in Mail Manager
Mar 22, 2022
CVSS 8.8
EPSS 0.00
CVE-2021-36806
MEDIUM
Sophos Email Appliance < 4.5.3.4 - Reflected Cross-Site Scripting via Error Page
Nov 30, 2023
CVSS 4.7
EPSS 0.00
CVE-2021-25268
HIGH
Sophos Firewall <19.0 GA - Privilege Escalation
May 05, 2022
CVSS 8.4
EPSS 0.00
CVE-2021-25267
MEDIUM
Sophos Firewall <19.0 GA - Privilege Escalation
May 05, 2022
CVSS 6.8
EPSS 0.00
CVE-2021-25266
LOW
Sophos Authenticator <3.4 - Info Disclosure
Apr 27, 2022
CVSS 3.9
EPSS 0.00
CVE-2021-36809
MEDIUM
Sophos SSL VPN Client - Arbitrary File Write via VPN Client Logs
Mar 08, 2022
CVSS 6.1
EPSS 0.00
CVE-2021-36807
HIGH
Sophos Unified Threat Management Up2Date < 9.708 - Authenticated SQL Injection
Nov 26, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-25269
MEDIUM
Sophos Intercept X Advanced <2.0.23 - Privilege Escalation
Nov 26, 2021
CVSS 4.4
EPSS 0.00
CVE-2021-36808
MEDIUM
Sophos Secure Workspace < 9.7.3115 - Local Password Bypass via Race Condition
Oct 30, 2021
CVSS 5.9
EPSS 0.00
CVE-2021-25271
MEDIUM
HitmanPro <Build 318 - Privilege Escalation
Oct 08, 2021
CVSS 6.0
EPSS 0.00
CVE-2021-25270
MEDIUM
HitmanPro.Alert <Build 901 - Privilege Escalation
Oct 08, 2021
CVSS 6.7
EPSS 0.00
CVE-2021-25273
MEDIUM
Sophos Unified Threat Management < 9.706 - Stored Cross-Site Scripting in Quarantined Email Detail View
Jul 29, 2021
CVSS 4.8
EPSS 0.00
CVE-2021-25264
MEDIUM
Sophos Home < 10.0.3 - Local Privilege Escalation
May 17, 2021
CVSS 6.7
EPSS 0.00
CVE-2021-25265
HIGH
Sophos Connect < 2.1 - Remote Code Execution via Malicious Website
Mar 22, 2021
CVSS 8.8
EPSS 0.00
CVE-2020-36692
MEDIUM
Sophos Web Appliance <4.3.10.4 - XSS
Apr 04, 2023
CVSS 6.5
EPSS 0.00
CVE-2020-29574
CRITICAL
KEV
Cyberoam OS - SQL Injection
Dec 11, 2020
CVSS 9.8
EPSS 0.12
Products
sophos_anti-virus 35
web_appliance 17
anti-virus 12
firewall_firmware 10
sophos_puremessage_anti-virus 9
unified_threat_management_software 9
xg_firewall_firmware 9
safeguard_easy_device_encryption_client 8
sfos 8
sophos_small_business_suite 8
safeguard_enterprise_client 7
safeguard_lan_crypt_client 7
unified_threat_management 6
web_appliance_firmware 6
connect 4
hitmanpro 4
hitmanpro.alert 4
scanning_engine 4
endpoint_protection 3
endpoint_security 3
firewall 3
puremessage_for_microsoft_exchange 3
small_business_suite 3
anti-virus7.6.3 2
cyberoamos 2
es1000 2
es4000 2
intercept_x 2
intercept_x_endpoint 2
intercept_x_for_server 2