Vulnerabilities > Sophos > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-06-20 | CVE-2018-16116 | SQL Injection vulnerability in Sophos Sfos 17.0.8 SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter. | 8.8 |
2019-04-09 | CVE-2017-17023 | Insufficient Verification of Data Authenticity vulnerability in multiple products The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). | 8.1 |
2018-10-25 | CVE-2018-3971 | Write-what-where Condition vulnerability in Sophos Hitmanpro.Alert 3.7.6.744 An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. | 7.8 |
2018-07-09 | CVE-2018-6857 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos products Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x802022E0. | 7.8 |
2018-07-09 | CVE-2018-6856 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos products Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x8020601C. | 7.8 |
2018-07-09 | CVE-2018-6855 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos products Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202014. | 7.8 |
2018-07-09 | CVE-2018-6854 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos products Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via multiple IOCTLs, e.g., 0x8810200B, 0x8810200F, 0x8810201B, 0x8810201F, 0x8810202B, 0x8810202F, 0x8810203F, 0x8810204B, 0x88102003, 0x88102007, 0x88102013, 0x88102017, 0x88102027, 0x88102033, 0x88102037, 0x88102043, and 0x88102047. | 7.8 |
2018-07-09 | CVE-2018-6853 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos products Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206024. | 7.8 |
2018-07-09 | CVE-2018-6852 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos products Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202298. | 7.8 |
2018-07-09 | CVE-2018-6851 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos products Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206040. | 7.8 |