Vulnerabilities > Sophos > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2018-02-02 | CVE-2018-6318 | Untrusted Search Path vulnerability in Sophos Tester 3.2.0.7 | In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). | network, sophos, CWE-426 | critical (9.3) |
| 2017-09-19 | CVE-2017-6315 | Improper Input Validation vulnerability in Sophos Astaro Security Gateway Firmware 7.500/7.506 | Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx. | network, low complexity, sophos, CWE-20 | critical (10.0) |
| 2017-06-22 | CVE-2012-6706 | Integer Overflow or Wraparound vulnerability in multiple products | A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. | network, low complexity, sophos, rarlab, CWE-190 | critical (10.0) |
| 2017-04-07 | CVE-2016-7786 | Permissions, Privileges, and Access Controls vulnerability in Sophos Cyberoam Cr25Ing UTM Firmware 10.6.2 | Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. | network, low complexity, sophos, CWE-264 | critical (9.0) |
| 2017-01-28 | CVE-2016-9554 | Command Injection vulnerability in Sophos web Appliance 4.2.1.3 | The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. | network, low complexity, sophos, CWE-77 | critical (9.0) |
| 2017-01-28 | CVE-2016-9553 | Command Injection vulnerability in Sophos web Appliance 4.2.1.3 | The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. | network, low complexity, sophos, CWE-77 | critical (9.0) |
| 2014-03-18 | CVE-2013-2642 | OS Command Injection vulnerability in Sophos web Appliance and web Appliance Firmware | Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality. | network, sophos, CWE-78 | critical (9.3) |
| 2013-09-23 | CVE-2013-5932 | Unspecified vulnerability in Sophos Unified Threat Management Software 9.007 | Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors. | network, low complexity, sophos | critical (10.0) |
| 2013-09-10 | CVE-2013-4983 | OS Command Injection vulnerability in Sophos web Appliance Firmware | The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php. | network, low complexity, sophos, CWE-78 | critical (10.0) |
| 2009-08-06 | CVE-2008-6904 | File Processing Remote Denial Of Service vulnerability in Sophos Anti-Virus and Anti-Virus 7.6.3 | Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for Linux, and possibly other products and versions, allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via crafted files that have been packed with (1) armadillo, (2) asprotect, or (3) asprotectSKE. | network, low complexity, sophos | critical (10.0) |