Vulnerabilities > Sophos > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-09 | CVE-2018-6851 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos products Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206040. | 7.2 |
| 2018-04-24 | CVE-2016-9038 | Race Condition vulnerability in Sophos Invincea-X 6.1.324058 An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. | 7.8 |
| 2018-04-24 | CVE-2016-8732 | Permission Issues vulnerability in Sophos Invincea Dell Protected Workspace 5.1.122303 Multiple security flaws exists in InvProtectDrv.sys which is a part of Invincea Dell Protected Workspace 5.1.1-22303. | 7.8 |
| 2017-09-13 | CVE-2017-7441 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos Hitmanpro 3.7.20 In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. | 7.2 |
| 2017-03-30 | CVE-2017-6182 | OS Command Injection vulnerability in Sophos web Appliance In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304. | 7.5 |
| 2016-02-18 | CVE-2015-7547 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. | 8.1 |
| 2016-01-14 | CVE-2016-0778 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. | 8.1 |
| 2014-04-11 | CVE-2014-2850 | OS Command Injection vulnerability in Sophos web Appliance and web Appliance Firmware The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter. | 8.5 |
| 2014-04-11 | CVE-2014-2849 | Permissions, Privileges, and Access Controls vulnerability in Sophos web Appliance and web Appliance Firmware The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request. | 8.5 |
| 2014-03-18 | CVE-2014-2537 | Resource Management Errors vulnerability in Sophos products Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | 7.8 |