Sophos: Security Vulnerabilities
An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8.
CVSS Score
8.8
EPSS Score
0.002
Published
2021-11-26
A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115.
CVSS Score
5.9
EPSS Score
0.0
Published
2021-10-30
A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901.
CVSS Score
6.7
EPSS Score
0.001
Published
2021-10-08
A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318.
CVSS Score
6.0
EPSS Score
0.001
Published
2021-10-08
Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.
CVSS Score
4.8
EPSS Score
0.001
Published
2021-07-29
In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges.
CVSS Score
6.7
EPSS Score
0.0
Published
2021-05-17
A malicious website could execute code remotely in Sophos Connect Client before version 2.1.
CVSS Score
8.8
EPSS Score
0.002
Published
2021-03-22
CVE-2020-29574
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.
Known exploited
CVSS Score
9.8
EPSS Score
0.139
Published
2020-12-11
CVE-2020-25223
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2020-09-25
Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.022
Published
2020-08-07