Filtered by vendor Sophos
Subscribe
Total
169 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0935 | 11 Archive Zip, Broadcom, Ca and 8 more | 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more | 2026-04-16 | 7.5 HIGH | N/A |
| Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. | |||||
| CVE-2005-3382 | 1 Sophos | 1 Sophos Anti-virus | 2026-04-16 | 5.0 MEDIUM | N/A |
| Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | |||||
| CVE-2004-0552 | 1 Sophos | 1 Small Business Suite | 2026-04-16 | 7.5 HIGH | N/A |
| Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed. | |||||
| CVE-2024-13973 | 1 Sophos | 2 Firewall, Firewall Firmware | 2025-11-17 | N/A | 6.8 MEDIUM |
| A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potentially lead to administrators achieving arbitrary code execution. | |||||
| CVE-2024-13974 | 1 Sophos | 2 Firewall, Firewall Firmware | 2025-11-17 | N/A | 8.1 HIGH |
| A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers controlling the firewall’s DNS environment to achieve remote code execution. | |||||
| CVE-2025-7382 | 1 Sophos | 2 Firewall, Firewall Firmware | 2025-11-17 | N/A | 8.8 HIGH |
| A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjacent attackers achieving pre-auth code execution on High Availability (HA) auxiliary devices, if OTP authentication for the admin user is enabled. | |||||
| CVE-2025-7624 | 1 Sophos | 2 Firewall, Firewall Firmware | 2025-11-17 | N/A | 9.8 CRITICAL |
| An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to remote code execution, if a quarantining policy is active for Email and SFOS was upgraded from a version older than 21.0 GA. | |||||
| CVE-2024-12727 | 1 Sophos | 2 Firewall, Firewall Firmware | 2025-11-12 | N/A | 9.8 CRITICAL |
| A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode. | |||||
| CVE-2024-12728 | 1 Sophos | 2 Firewall, Firewall Firmware | 2025-11-12 | N/A | 9.8 CRITICAL |
| A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3). | |||||
| CVE-2024-12729 | 1 Sophos | 2 Firewall, Firewall Firmware | 2025-11-12 | N/A | 8.8 HIGH |
| A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1). | |||||
| CVE-2020-29574 | 1 Sophos | 1 Cyberoamos | 2025-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely. | |||||
| CVE-2020-25223 | 1 Sophos | 1 Unified Threat Management | 2025-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 | |||||
| CVE-2020-15069 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2025-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x. | |||||
| CVE-2020-12271 | 1 Sophos | 2 Sfos, Xg Firewall | 2025-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords) | |||||
| CVE-2022-1040 | 1 Sophos | 1 Sfos | 2025-10-27 | 7.5 HIGH | 9.8 CRITICAL |
| An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. | |||||
| CVE-2023-1671 | 1 Sophos | 1 Web Appliance | 2025-10-27 | N/A | 9.8 CRITICAL |
| A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. | |||||
| CVE-2022-3236 | 1 Sophos | 1 Firewall | 2025-10-27 | N/A | 9.8 CRITICAL |
| A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. | |||||
| CVE-2025-6704 | 1 Sophos | 2 Firewall, Firewall Firmware | 2025-08-18 | N/A | 9.8 CRITICAL |
| An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to pre-auth remote code execution, if a specific configuration of SPX is enabled in combination with the firewall running in High Availability (HA) mode. | |||||
| CVE-2022-1807 | 1 Sophos | 1 Firewall | 2025-06-17 | N/A | 7.2 HIGH |
| Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1. | |||||
| CVE-2024-13861 | 2 Debian, Sophos | 2 Debian Linux, Taegis Endpoint Agent | 2025-05-07 | N/A | 7.8 HIGH |
| A code injection vulnerability in the Debian package component of Taegis Endpoint Agent (Linux) versions older than 1.3.10 allows local users arbitrary code execution as root. Redhat-based systems using RPM packages are not affected. | |||||