Filtered by vendor Sophos
Subscriptions
Total
171 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-3971 | 1 Sophos | 1 Hitmanpro.alert | 2024-11-21 | 7.8 High |
| An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to write data under controlled by an attacker address, resulting in memory corruption. An attacker can send IRP request to trigger this vulnerability. | ||||
| CVE-2018-3970 | 1 Sophos | 1 Hitmanpro.alert | 2024-11-21 | 5.5 Medium |
| An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability. | ||||
| CVE-2018-16118 | 1 Sophos | 2 Sfos, Xg Firewall | 2024-11-21 | N/A |
| A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header. | ||||
| CVE-2018-16117 | 1 Sophos | 2 Sfos, Xg Firewall | 2024-11-21 | 8.8 High |
| A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter. | ||||
| CVE-2018-16116 | 1 Sophos | 2 Sfos, Xg Firewall | 2024-11-21 | N/A |
| SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter. | ||||
| CVE-2017-18014 | 1 Sophos | 2 Sfos, Xg Firewall | 2024-11-21 | N/A |
| An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page (Control Center -> Log Viewer -> in the filter option "Web Server Protection") in the webadmin interface, and execute any action available to the webadmin of the firewall (e.g., creating a new user, enabling SSH, or adding an SSH authorized key). The WAF log page will execute the "User-Agent" parameter in the HTTP POST request. | ||||
| CVE-2017-17023 | 2 Ncp-e, Sophos | 2 Ncp Secure Entry Client, Ipsec Client | 2024-11-21 | N/A |
| The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure Entry Client" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user's computer. This is related to SIC_V11.04-64.exe (Sophos), NCP_EntryCl_Windows_x86_1004_31799.exe (NCP), and ncpmon.exe (both Sophos and NCP). The vulnerability exists because: (1) the VPN client requests update metadata over an insecure HTTP connection; and (2) the client software does not check if the software update is signed before running it. | ||||
| CVE-2016-9038 | 1 Sophos | 1 Invincea-x | 2024-11-21 | 7.8 High |
| An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corruption, which could result in privilege escalation. An attacker needs to execute a special application locally to trigger this vulnerability. | ||||
| CVE-2016-8732 | 1 Sophos | 1 Invincea Dell Protected Workspace | 2024-11-21 | 7.8 High |
| Multiple security flaws exists in InvProtectDrv.sys which is a part of Invincea Dell Protected Workspace 5.1.1-22303. Weak restrictions on the driver communication channel and additional insufficient checks allow any application to turn off some of the protection mechanisms provided by the Invincea product. | ||||
| CVE-2016-6217 | 2 Linux, Sophos | 2 Linux Kernel, Puremessage | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2024-8885 | 1 Sophos | 1 Intercept X | 2024-10-04 | 8.8 High |
| A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2024.2.0 and older allows writing of arbitrary files. | ||||