Vulnerabilities > Sophos
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-05 | CVE-2018-4863 | 7PK - Security Features vulnerability in Sophos Endpoint Protection 10.7 Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key. | 2.1 |
| 2018-02-02 | CVE-2018-6319 | NULL Pointer Dereference vulnerability in Sophos Tester 3.2.0.7 In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. | 4.9 |
| 2018-02-02 | CVE-2018-6318 | Untrusted Search Path vulnerability in Sophos Tester 3.2.0.7 In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). | 9.3 |
| 2018-01-26 | CVE-2016-6217 | Cross-site Scripting vulnerability in Sophos Puremessage Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2018-01-12 | CVE-2017-18014 | Cross-site Scripting vulnerability in Sophos Sfos 17.0 An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. | 4.3 |
| 2017-09-19 | CVE-2017-6315 | Improper Input Validation vulnerability in Sophos Astaro Security Gateway Firmware 7.500/7.506 Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx. | 10.0 |
| 2017-09-13 | CVE-2017-7441 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos Hitmanpro 3.7.20 In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. | 7.2 |
| 2017-09-13 | CVE-2017-6008 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos Hitmanpro 3.7.20 A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate privileges via a malformed IOCTL call. | 4.6 |
| 2017-09-13 | CVE-2017-6007 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos Hitmanpro 3.7.20 A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to crash the OS via a malformed IOCTL call. | 4.9 |
| 2017-06-22 | CVE-2012-6706 | Integer Overflow or Wraparound vulnerability in multiple products A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. | 10.0 |