Skip to main content

Mobile

3 CVEs product

Monthly

CVE-2022-3980 CRITICAL POC PATCH Act Now

An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Sophos RCE SSRF XXE Mobile
NVD
CVSS 3.1
9.8
EPSS
8.1%
CVE-2020-9363 HIGH This Week

The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Sophos Authentication Bypass Cloud Optix Endpoint Protection Intercept X Endpoint +3
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2014-8346 HIGH POC This Week

The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Samsung Denial Of Service Code Injection Findmymobile +1
NVD
CVSS 2.0
7.8
EPSS
0.5%
EPSS 8% CVSS 9.8
CRITICAL POC PATCH Act Now

An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Sophos RCE SSRF +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Sophos Authentication Bypass Cloud Optix +5
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Samsung Denial Of Service +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy