Filtered by vendor Sophos
Total: 160 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2022-48310 | 1 Sophos | 1 Connect | 2024-08-03 | 5.5 Medium | An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90. |
CVE-2022-48309 | 1 Sophos | 1 Connect | 2024-08-03 | 4.3 Medium | A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90. |
CVE-2022-4934 | 1 Sophos | 1 Web Appliance | 2024-08-03 | 7.2 High | A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code. |
CVE-2022-4901 | 1 Sophos | 1 Connect | 2024-08-03 | 3.3 Low | Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow JavaScript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim. |
CVE-2022-3980 | 1 Sophos | 1 Mobile | 2024-08-03 | 9.8 Critical | An XML External Entity (XXE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4. |
CVE-2022-3713 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2024-08-03 | 8.8 High | A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. |
CVE-2022-3711 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2024-08-03 | 4.3 Medium | A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA. |
CVE-2022-3709 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2024-08-03 | 6.8 Medium | A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA. |
CVE-2022-3710 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2024-08-03 | 2.7 Low | A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA. |
CVE-2022-3696 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2024-08-03 | 7.2 High | A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA. |
CVE-2022-3226 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2024-08-03 | 7.2 High | An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA. |
CVE-2022-3236 | 1 Sophos | 1 Firewall | 2024-08-03 | 9.8 Critical | A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. |
CVE-2022-1807 | 1 Sophos | 1 Firewall | 2024-08-03 | 7.2 High | Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1. |
CVE-2022-1040 | 1 Sophos | 1 Sfos | 2024-08-02 | 9.8 Critical | An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. |
CVE-2022-0652 | 1 Sophos | 1 Unified Threat Management | 2024-08-02 | 3.3 Low | Confd log files with insecure access permissions contain the SHA512crypt password hashes of local users, including root. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710. |
CVE-2022-0386 | 1 Sophos | 1 Unified Threat Management | 2024-08-02 | 8.8 High | A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. |
CVE-2022-0331 | 1 Sophos | 1 Sfos | 2024-08-02 | 5.3 Medium | An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older. |
CVE-2023-33335 | 1 Sophos | 1 Iview | 2024-08-02 | 6.1 Medium | Cross-site scripting (XSS) in the grpname parameter of Sophos iView (the EOL was December 31st 2020) allows arbitrary script to be executed. |
CVE-2023-33336 | 1 Sophos | 1 Web Appliance | 2024-08-02 | 4.8 Medium | A reflected cross-site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows arbitrary code to be input via double quotes. |
CVE-2023-1671 | 1 Sophos | 1 Web Appliance | 2024-08-02 | 9.8 Critical | A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. |