Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2020-29574 KEV |
|
[KEV] SQL Injection in Sophos cyberoamos (CVE-2020-29574)
SQL injection in Sophos cyberoamos (CVE-2020-29574). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-15069 KEV |
|
[KEV] Vulnerability in Sophos xg-firewall (CVE-2020-15069)
vulnerability in Sophos xg-firewall (CVE-2020-15069). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-1671 KEV |
|
[KEV] Command Injection in Sophos web-appliance (CVE-2023-1671)
command injection in Sophos web-appliance (CVE-2023-1671). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-3236 KEV |
|
[KEV] Code Injection in Sophos firewall (CVE-2022-3236)
code injection in Sophos firewall (CVE-2022-3236). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-1040 KEV |
|
[KEV] Vulnerability in Sophos firewall (CVE-2022-1040)
vulnerability in Sophos firewall (CVE-2022-1040). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-25223 KEV |
|
[KEV] OS Command Injection in Sophos sg-utm (CVE-2020-25223)
OS command injection in Sophos sg-utm (CVE-2020-25223). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-12271 KEV |
|
[KEV] SQL Injection in Sophos sfos (CVE-2020-12271)
SQL injection in Sophos sfos (CVE-2020-12271). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-6315 |
|
Vulnerability in sophos (CVE-2017-6315)
vulnerability in sophos (CVE-2017-6315). Successful exploitation can lead to full system takeover.
|
| CVE-2017-7441 |
|
Buffer Overflow in sophos (CVE-2017-7441)
vulnerability in sophos (CVE-2017-7441). Successful exploitation can lead to full system takeover.
|
| CVE-2017-6008 |
|
Buffer Overflow in sophos (CVE-2017-6008)
vulnerability in sophos (CVE-2017-6008). Successful exploitation can lead to full system takeover.
|
| CVE-2017-6007 |
|
Buffer Overflow in sophos (CVE-2017-6007)
vulnerability in sophos (CVE-2017-6007). Risk of unauthorized operations or information disclosure.
|
| CVE-2012-6706 |
|
Vulnerability in sophos (CVE-2012-6706)
vulnerability in sophos (CVE-2012-6706). Successful exploitation can lead to full system takeover.
|
| CVE-2017-9523 |
|
The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342.
The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342.
|
| CVE-2016-9834 |
|
Cross-Site Scripting (XSS) in sophos (CVE-2016-9834)
cross-site scripting in sophos (CVE-2016-9834). Risk of unauthorized operations or information disclosure.
|
| CVE-2016-7786 |
|
Vulnerability in sophos (CVE-2016-7786)
vulnerability in sophos (CVE-2016-7786). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.6.5` or later.
|
| CVE-2017-6184 |
|
Command Injection in sophos (CVE-2017-6184)
command injection in sophos (CVE-2017-6184). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-6183 |
|
Command Injection in sophos (CVE-2017-6183)
command injection in sophos (CVE-2017-6183). Successful exploitation can lead to full system takeover.
|
| CVE-2017-6182 |
|
OS Command Injection in sophos (CVE-2017-6182)
OS command injection in sophos (CVE-2017-6182). Successful exploitation can lead to full system takeover.
|
| CVE-2016-9554 |
|
Command Injection in sophos (CVE-2016-9554)
command injection in sophos (CVE-2016-9554). Successful exploitation can lead to full system takeover.
|
| CVE-2016-9553 |
|
Command Injection in sophos (CVE-2016-9553)
command injection in sophos (CVE-2016-9553). Successful exploitation can lead to full system takeover.
|
| CVE-2016-0778 |
|
Buffer Overflow in c (CVE-2016-0778)
vulnerability in c (CVE-2016-0778). Successful exploitation can lead to full system takeover.
|
| CVE-2016-0777 |
|
Information Disclosure in c (CVE-2016-0777)
vulnerability in c (CVE-2016-0777). Confidential information can be exposed externally.
|