CVE Tracker
Track known exploited vulnerabilities, CISA KEV alerts, and linked threat intelligence.
Showing 7 of 7 CVEs matching "Sophos"
Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the "HTTP/S bookmark" feature.
CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely.
Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution.
A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution.
An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.
Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).