Vulnerabilities > Sophos > High

DATE CVE VULNERABILITY TITLE RISK
2020-07-10 CVE-2020-15504 SQL Injection vulnerability in Sophos XG Firewall Firmware 17.0/17.5/18.0
A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely.
Risk: network / low complexity / sophos CWE-89 / 7.5

2020-06-29 CVE-2020-15069 Classic Buffer Overflow vulnerability in Sophos XG Firewall Firmware 17.0/17.5
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access.
Risk: network / low complexity / sophos CWE-120 / 7.5

2020-06-18 CVE-2020-11503 Out-of-bounds Write vulnerability in Sophos Sfos 17.0/17.1/17.5
A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely.
Risk: network / low complexity / sophos CWE-787 / 7.5

2018-10-25 CVE-2018-3971 Write-what-where Condition vulnerability in Sophos Hitmanpro.Alert 3.7.6.744
An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744.
Risk: local / low complexity / sophos CWE-123 / 7.8

2018-07-09 CVE-2018-6857 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos products
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x802022E0.
Risk: local / low complexity / sophos CWE-119 / 7.2

2018-07-09 CVE-2018-6856 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos products
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x8020601C.
Risk: local / low complexity / sophos CWE-119 / 7.2

2018-07-09 CVE-2018-6855 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos products
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202014.
Risk: local / low complexity / sophos CWE-119 / 7.2

2018-07-09 CVE-2018-6854 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos products
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via multiple IOCTLs, e.g., 0x8810200B, 0x8810200F, 0x8810201B, 0x8810201F, 0x8810202B, 0x8810202F, 0x8810203F, 0x8810204B, 0x88102003, 0x88102007, 0x88102013, 0x88102017, 0x88102027, 0x88102033, 0x88102037, 0x88102043, and 0x88102047.
Risk: local / low complexity / sophos CWE-119 / 7.2

2018-07-09 CVE-2018-6853 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos products
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206024.
Risk: local / low complexity / sophos CWE-119 / 7.2

2018-07-09 CVE-2018-6852 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos products
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202298.
Risk: local / low complexity / sophos CWE-119 / 7.2