MINI-F24G-2P3C-3MR3
Bulletin has no description...
CVE-2022-1040
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older...
CVE-2024-12728
A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3)...
CVE-2023-5552
A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”...
Cross site scripting
A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”...
PT-2023-25845 · Veritas · Veritas Netbackup Appliance
Name of the Vulnerable Software and Affected Versions: Veritas NetBackup Appliance versions prior to 4.1.0.1 MR3 Description: The issue allows an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH due to insecure permissions. Recommendations:...
Sophos MR3 Firewall Remote Code Execution (CVE-2022-1040)
A remote code execution vulnerability exists in Sophos MR3 Firewall. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Type confusion
Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236MR1; 8.20 versions prior to 8.20.1166MR3; 8.10 versions prior to 8.10.1211MR5; versi...
Security Bulletin: SQL Injection and Incorrect Handling of SSH Connection vulnerability in QRadar (CVE-2014-4824, CVE-2014-4826)
Summary: IBM QRadar 7.2 MR2 contains SQL Injection and Incorrect Handling of SSH Connection vulnerabilities. Vulnerability Details: CVE ID: CVE-2014-4824 DESCRIPTION: IBM QRadar is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the...
CVE-2017-18014
Summary: CVE-2017-18014 affects Sophos XG Firewall with SFOS before 17.0.3 MR3. The vulnerability is a persistent XSS in the WAF log page (Control Center → Log Viewer → filter “Web Server Protection”) that is triggered by the HTTP POST User-Agent parameter. It is exploitable by an unauthenticated...
Symantec AntiVirus Corporate Edition 9.0 and Symantec Client Security 2.0 Help File Elevation of Pri
SUMMARY The Symantec AntiVirus Corporate Edition HTML client help function uses HTML help, the Windows help interface, to provide support to the client user. A non-privileged client user can manipulate the help function to access files on the system with local SYSTEM privileges. Risk Impact Mediu...