Vulnerabilities > Sophos
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-24 | CVE-2016-9038 | Race Condition vulnerability in Sophos Invincea-X 6.1.324058 An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. | 7.8 |
| 2018-04-24 | CVE-2016-8732 | Permission Issues vulnerability in Sophos Invincea Dell Protected Workspace 5.1.122303 Multiple security flaws exists in InvProtectDrv.sys which is a part of Invincea Dell Protected Workspace 5.1.1-22303. | 7.8 |
| 2018-04-05 | CVE-2018-9233 | Use of Password Hash With Insufficient Computational Effort vulnerability in Sophos Endpoint Protection 10.7 Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches. | 7.8 |
| 2018-04-05 | CVE-2018-4863 | 7PK - Security Features vulnerability in Sophos Endpoint Protection 10.7 Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key. | 5.5 |
| 2018-02-02 | CVE-2018-6319 | NULL Pointer Dereference vulnerability in Sophos Tester 3.2.0.7 In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. | 5.5 |
| 2018-02-02 | CVE-2018-6318 | Untrusted Search Path vulnerability in Sophos Tester 3.2.0.7 In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). | 7.8 |
| 2018-01-26 | CVE-2016-6217 | Cross-site Scripting vulnerability in Sophos Puremessage Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2018-01-12 | CVE-2017-18014 | Cross-site Scripting vulnerability in Sophos Sfos 15.01.0/16.5/17.0 An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. | 6.1 |
| 2017-09-19 | CVE-2017-6315 | Improper Input Validation vulnerability in Sophos Astaro Security Gateway Firmware 7.500/7.506 Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx. | 9.8 |
| 2017-09-13 | CVE-2017-7441 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos Hitmanpro 3.7/3.7.20 In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. | 7.8 |