Filtered by vendor Sophos
Subscribe
Total
161 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2252 | 1 Sophos | 1 Astaro Security Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
| The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks. | |||||
| CVE-2005-3216 | 1 Sophos | 1 Sophos Anti-virus | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of Sophos Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2004-0932 | 11 Archive Zip, Broadcom, Ca and 8 more | 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more | 2025-04-03 | 7.5 HIGH | N/A |
| McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. | |||||
| CVE-2006-0994 | 1 Sophos | 1 Sophos Anti-virus | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple Sophos Anti-Virus products, including Anti-Virus for Windows 5.x before 5.2.1 and 4.x before 4.05, when cabinet file inspection is enabled, allows remote attackers to execute arbitrary code via a CAB file with "invalid folder count values," which leads to heap corruption. | |||||
| CVE-2022-3236 | 1 Sophos | 1 Firewall | 2025-03-27 | N/A | 9.8 CRITICAL |
| A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. | |||||
| CVE-2022-1040 | 1 Sophos | 1 Sfos | 2025-03-13 | 7.5 HIGH | 9.8 CRITICAL |
| An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. | |||||
| CVE-2023-1671 | 1 Sophos | 1 Web Appliance | 2025-03-13 | N/A | 9.8 CRITICAL |
| A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. | |||||
| CVE-2022-4901 | 1 Sophos | 1 Connect | 2025-03-07 | N/A | 3.3 LOW |
| Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim. | |||||
| CVE-2022-48310 | 1 Sophos | 1 Connect | 2025-03-07 | N/A | 5.5 MEDIUM |
| An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90. | |||||
| CVE-2022-48309 | 1 Sophos | 1 Connect | 2025-03-07 | N/A | 4.3 MEDIUM |
| A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90. | |||||
| CVE-2022-4934 | 1 Sophos | 1 Web Appliance | 2025-02-11 | N/A | 7.2 HIGH |
| A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code. | |||||
| CVE-2020-36692 | 1 Sophos | 1 Web Appliance | 2025-02-11 | N/A | 6.5 MEDIUM |
| A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA. | |||||
| CVE-2023-5552 | 1 Sophos | 1 Firewall | 2024-11-21 | N/A | 7.1 HIGH |
| A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”. | |||||
| CVE-2023-33336 | 1 Sophos | 1 Web Appliance | 2024-11-21 | N/A | 4.8 MEDIUM |
| Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes. | |||||
| CVE-2023-33335 | 1 Sophos | 1 Iview | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was December 31st 2020) in grpname parameter that allows arbitrary script to be executed. | |||||
| CVE-2022-1807 | 1 Sophos | 1 Firewall | 2024-11-21 | N/A | 7.2 HIGH |
| Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1. | |||||
| CVE-2022-0652 | 1 Sophos | 1 Unified Threat Management | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710. | |||||
| CVE-2022-0386 | 1 Sophos | 1 Unified Threat Management | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. | |||||
| CVE-2022-0331 | 1 Sophos | 1 Sfos | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older. | |||||
| CVE-2021-36809 | 1 Sophos | 1 Ssl Vpn Client | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM |
| A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client. | |||||