Vulnerabilities > Sophos > High

DATE CVE VULNERABILITY TITLE RISK
2019-06-20 CVE-2018-16116 SQL Injection vulnerability in Sophos Sfos 17.0.8
SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter.
network
low complexity
sophos CWE-89
8.8
2019-04-09 CVE-2017-17023 Insufficient Verification of Data Authenticity vulnerability in multiple products
The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com).
network
high complexity
sophos ncp-e CWE-345
8.1
2018-10-25 CVE-2018-3971 Write-what-where Condition vulnerability in Sophos Hitmanpro.Alert 3.7.6.744
An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744.
local
low complexity
sophos CWE-123
7.8
2018-07-09 CVE-2018-6857 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos products
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x802022E0.
local
low complexity
sophos CWE-119
7.8
2018-07-09 CVE-2018-6856 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos products
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x8020601C.
local
low complexity
sophos CWE-119
7.8
2018-07-09 CVE-2018-6855 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos products
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202014.
local
low complexity
sophos CWE-119
7.8
2018-07-09 CVE-2018-6854 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos products
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via multiple IOCTLs, e.g., 0x8810200B, 0x8810200F, 0x8810201B, 0x8810201F, 0x8810202B, 0x8810202F, 0x8810203F, 0x8810204B, 0x88102003, 0x88102007, 0x88102013, 0x88102017, 0x88102027, 0x88102033, 0x88102037, 0x88102043, and 0x88102047.
local
low complexity
sophos CWE-119
7.8
2018-07-09 CVE-2018-6853 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos products
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206024.
local
low complexity
sophos CWE-119
7.8
2018-07-09 CVE-2018-6852 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos products
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202298.
local
low complexity
sophos CWE-119
7.8
2018-07-09 CVE-2018-6851 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos products
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206040.
local
low complexity
sophos CWE-119
7.8