Filtered by vendor Sophos
Total: 160 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-3710 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2023-02-01 | N/A | 2.7 LOW | A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA. |
CVE-2020-14980 | 1 Sophos | 1 Sophos Secure Email | 2023-01-27 | 4.3 MEDIUM | 5.9 MEDIUM | The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation. |
CVE-2016-8732 | 1 Sophos | 1 Invincea Dell Protected Workspace | 2022-12-14 | 4.6 MEDIUM | 7.8 HIGH | Multiple security flaws exist in InvProtectDrv.sys, which is a part of Invincea Dell Protected Workspace 5.1.1-22303. Weak restrictions on the driver communication channel and additional insufficient checks allow any application to turn off some of the protection mechanisms provided by the Invincea product. |
CVE-2016-9038 | 1 Sophos | 1 Invincea-x | 2022-12-13 | 4.4 MEDIUM | 7.8 HIGH | An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corruption, which could result in privilege escalation. An attacker needs to execute a special application locally to trigger this vulnerability. |
CVE-2016-0778 | 5 Apple, Hp, Openbsd and 2 more | 6 Mac Os X, Virtual Customer Access System, Openssh and 3 more | 2022-12-13 | 4.6 MEDIUM | 8.1 HIGH | The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. |
CVE-2016-0777 | 5 Apple, Hp, Openbsd and 2 more | 7 Mac Os X, Remote Device Access Virtual Customer Access System, Openssh and 4 more | 2022-12-13 | 4.0 MEDIUM | 6.5 MEDIUM | The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. |
CVE-2022-3709 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2022-12-09 | N/A | 8.4 HIGH | A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA. |
CVE-2022-3711 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2022-12-09 | N/A | 4.3 MEDIUM | A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA. |
CVE-2022-3713 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2022-12-05 | N/A | 8.8 HIGH | A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. |
CVE-2022-3696 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2022-12-05 | N/A | 7.2 HIGH | A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA. |
CVE-2022-3226 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2022-12-05 | N/A | 7.2 HIGH | An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA. |
CVE-2022-3980 | 1 Sophos | 1 Mobile | 2022-11-18 | N/A | 9.8 CRITICAL | An XML External Entity (XXE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4. |
CVE-2020-12271 | 1 Sophos | 2 Sfos, Xg Firewall | 2022-10-05 | 7.5 HIGH | 9.8 CRITICAL | A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords). |
CVE-2022-1807 | 1 Sophos | 1 Firewall | 2022-09-12 | N/A | 7.2 HIGH | Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1. |
CVE-2021-36809 | 1 Sophos | 1 Ssl Vpn Client | 2022-07-12 | 3.6 LOW | 6.0 MEDIUM | A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client. |
CVE-2021-25264 | 1 Sophos | 2 Home, Intercept X | 2022-07-12 | 7.2 HIGH | 6.7 MEDIUM | In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges. |
CVE-2021-25268 | 1 Sophos | 2 Firewall, Firewall Firmware | 2022-05-13 | 6.0 MEDIUM | 8.4 HIGH | Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA. |
CVE-2021-25267 | 1 Sophos | 2 Firewall, Firewall Firmware | 2022-05-13 | 8.5 HIGH | 8.4 HIGH | Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA. |
CVE-2021-25266 | 1 Sophos | 2 Authenticator, Intercept X | 2022-05-06 | 2.1 LOW | 3.9 LOW | An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495. |
CVE-2021-25270 | 1 Sophos | 1 Hitmanpro.alert | 2022-05-03 | 7.2 HIGH | 6.7 MEDIUM | A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901. |