sophos
173 tracked vulnerabilities.
CVE-2020-25223
CRITICAL
KEV NUCLEI
Sophos Unified Threat Management < 9.511 - Remote Code Execution via WebAdmin SID Parameter
Sep 25, 2020
CVSS 9.8
EPSS 0.94
CVE-2020-17352
HIGH
Sophos XG Firewall <2020-08-05 - Command Injection
Aug 07, 2020
CVSS 8.8
EPSS 0.02
CVE-2020-15504
CRITICAL
Sophos XG Firewall 17.0-18.0 MR1 - Remote Code Execution via SQL Injection
Jul 10, 2020
CVSS 9.8
EPSS 0.00
CVE-2020-15069
CRITICAL
KEV
Sophos XG Firewall <17.5 MR12 - RCE
Jun 29, 2020
CVSS 9.8
EPSS 0.83
CVE-2020-14980
MEDIUM
Sophos Secure Email <3.9.4 - Info Disclosure
Jun 22, 2020
CVSS 5.9
EPSS 0.00
CVE-2020-11503
CRITICAL
Sophos SFOS < 17.5 - Remote Code Execution via Heap Overflow in awarrensmtp
Jun 18, 2020
CVSS 9.8
EPSS 0.00
CVE-2020-12271
CRITICAL
KEV
Sophos SFOS 17.0, 17.1, 17.5, and 18.0 - SQL Injection
Apr 27, 2020
CVSS 9.8
EPSS 0.87
CVE-2020-10947
HIGH
Mac Endpoint for Sophos Central <9.9.6 - Mac Endpoint for Sophos Ho...
Apr 17, 2020
CVSS 8.8
EPSS 0.00
CVE-2020-9540
HIGH
Sophos HitmanPro.Alert <build 861 - Privilege Escalation
Mar 02, 2020
CVSS 7.8
EPSS 0.00
CVE-2020-9363
HIGH
Sophos Cloud Optix < 2020-01-14 - Virus Detection Bypass via Crafted ZIP Archive
Feb 24, 2020
CVSS 7.8
EPSS 0.00
CVE-2019-17059
CRITICAL
Sophos Cyberoam < 10.6.6 - OS Command Injection via Web Admin and SSL VPN Consoles
Oct 11, 2019
CVSS 9.8
EPSS 0.06
CVE-2018-16118
HIGH
Sophos SFOS - OS Command Injection via X-Forwarded-For HTTP Header
Jun 20, 2019
CVSS 8.1
EPSS 0.00
CVE-2018-16117
HIGH
Sophos SFOS < 17.0 - Authenticated OS Command Injection via Admin Portal dbName Parameter
Jun 20, 2019
CVSS 8.8
EPSS 0.01
CVE-2018-16116
HIGH
Sophos SFOS - Authenticated SQL Injection via AccountStatus.jsp Username Parameter
Jun 20, 2019
CVSS 8.8
EPSS 0.00
CVE-2018-3971
HIGH
Sophos HitmanPro.Alert <3.7.6.744 - Memory Corruption
Oct 25, 2018
CVSS 7.8
EPSS 0.00
CVE-2018-3970
MEDIUM
Sophos HitmanPro.Alert 3.7.6.744 - Kernel Memory Disclosure via 0x222000 IOCTL Handler
Oct 25, 2018
CVSS 5.5
EPSS 0.00
CVE-2018-6857
HIGH
Sophos SafeGuard Enterprise <8.00.5 / Easy <7.00.3 / LAN Crypt <3.95.2 - Local Privilege Escalation
Jul 09, 2018
CVSS 7.8
EPSS 0.00
CVE-2018-6856
HIGH
Sophos SafeGuard Enterprise <8.00.5, SafeGuard Easy <7.00.3, SafeGuard LAN Crypt <3.95.2 - Local Privilege Escalation
Jul 09, 2018
CVSS 7.8
EPSS 0.00
CVE-2018-6855
HIGH
Sophos SafeGuard Enterprise <8.00.5 / Easy <7.00.3 / LAN Crypt <3.95.2 - Local Privilege Escalation
Jul 09, 2018
CVSS 7.8
EPSS 0.00
CVE-2018-6854
HIGH
Sophos Safeguard Easy Device Encryption Client - Memory Corruption
Jul 09, 2018
CVSS 7.8
EPSS 0.00
CVE-2018-6853
HIGH
Sophos SafeGuard Enterprise <8.00.5 / Easy <7.00.3 / LAN Crypt <3.95.2 - Local Privilege Escalation
Jul 09, 2018
CVSS 7.8
EPSS 0.00
CVE-2018-6852
HIGH
Sophos SafeGuard Enterprise <8.00.5 / Easy <7.00.3 / LAN Crypt <3.95.2 - Local Privilege Escalation
Jul 09, 2018
CVSS 7.8
EPSS 0.00
CVE-2018-6851
HIGH
Sophos SafeGuard Enterprise, Easy, and LAN Crypt - Local Privilege Escalation via IOCTL 0x80206040
Jul 09, 2018
CVSS 7.8
EPSS 0.00
CVE-2018-9233
HIGH
Sophos Endpoint Protection 10.7 - Info Disclosure
Apr 05, 2018
CVSS 7.8
EPSS 0.00
CVE-2018-4863
MEDIUM
Sophos Endpoint Protection 10.7 - Tamper Protection Bypass via Registry Key Deletion
Apr 05, 2018
CVSS 5.5
EPSS 0.00
Products
sophos_anti-virus 35
web_appliance 17
anti-virus 12
firewall_firmware 10
sophos_puremessage_anti-virus 9
unified_threat_management_software 9
xg_firewall_firmware 9
safeguard_easy_device_encryption_client 8
sfos 8
sophos_small_business_suite 8
safeguard_enterprise_client 7
safeguard_lan_crypt_client 7
unified_threat_management 6
web_appliance_firmware 6
connect 4
hitmanpro 4
hitmanpro.alert 4
scanning_engine 4
endpoint_protection 3
endpoint_security 3
firewall 3
puremessage_for_microsoft_exchange 3
small_business_suite 3
anti-virus7.6.3 2
cyberoamos 2
es1000 2
es4000 2
intercept_x 2
intercept_x_endpoint 2
intercept_x_for_server 2