Vulnerabilities > Sophos > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-02 | CVE-2018-6318 | Untrusted Search Path vulnerability in Sophos Tester 3.2.0.7 In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). | 9.3 |
| 2017-09-19 | CVE-2017-6315 | Improper Input Validation vulnerability in Sophos Astaro Security Gateway Firmware 7.500/7.506 Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx. | 10.0 |
| 2017-06-22 | CVE-2012-6706 | Integer Overflow or Wraparound vulnerability in multiple products A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. | 10.0 |
| 2017-04-07 | CVE-2016-7786 | Permissions, Privileges, and Access Controls vulnerability in Sophos Cyberoam Cr25Ing UTM Firmware 10.6.2 Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. | 9.0 |
| 2017-01-28 | CVE-2016-9554 | Command Injection vulnerability in Sophos web Appliance 4.2.1.3 The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. | 9.0 |
| 2017-01-28 | CVE-2016-9553 | Command Injection vulnerability in Sophos web Appliance 4.2.1.3 The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. | 9.0 |
| 2014-03-18 | CVE-2013-2642 | OS Command Injection vulnerability in Sophos web Appliance and web Appliance Firmware Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality. | 9.3 |
| 2013-09-23 | CVE-2013-5932 | Unspecified vulnerability in Sophos Unified Threat Management Software 9.007 Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors. | 10.0 |
| 2013-09-10 | CVE-2013-4983 | OS Command Injection vulnerability in Sophos web Appliance Firmware The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php. | 10.0 |
| 2009-08-06 | CVE-2008-6904 | File Processing Remote Denial Of Service vulnerability in Sophos Anti-Virus and Anti-Virus7.6.3 Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for Linux, and possibly other products and versions, allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via crafted files that have been packed with (1) armadillo, (2) asprotect, or (3) asprotectSKE. | 10.0 |