Sophos vulnerabilities rated medium risk

Each entry lists: date, CVE ID and title; the advisory description; access vector, attack complexity (where recorded), vendor/platform tags with the CWE class; and the risk score.
2018-02-02  CVE-2018-6319  NULL Pointer Dereference vulnerability in Sophos Tester 3.2.0.7
  In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code whose handler does not check its argument.
  Access vector: local | Complexity: low | Tags: sophos | CWE-476 | Risk: 4.9
2018-01-26  CVE-2016-6217  Cross-site Scripting vulnerability in Sophos PureMessage
  Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
  Access vector: network | Tags: sophos, linux | CWE-79 | Risk: 4.3
2018-01-12  CVE-2017-18014  Cross-site Scripting vulnerability in Sophos SFOS 17.0
  An NC-25986 issue (cross-site scripting) was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3.
  Access vector: network | Tags: sophos | CWE-79 | Risk: 4.3
2017-09-13  CVE-2017-6008  Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos HitmanPro 3.7.20
  A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate privileges via a malformed IOCTL call.
  Access vector: local | Complexity: low | Tags: sophos | CWE-119 | Risk: 4.6
2017-09-13  CVE-2017-6007  Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos HitmanPro 3.7.20
  A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to crash the OS via a malformed IOCTL call.
  Access vector: local | Complexity: low | Tags: sophos | CWE-119 | Risk: 4.9
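The three driver entries above (the unchecked DeviceIoControl argument in CVE-2018-6319 and the malformed-IOCTL pool overflows in CVE-2017-6007 and CVE-2017-6008) describe the same handler defect: a kernel dispatch routine that trusts the buffer pointer and length fields a user-mode caller supplies. The following is an added example, not code from any Sophos driver and not a reproduction of those CVEs. It models an IRP_MJ_DEVICE_CONTROL handler in plain user-space C: the request structure, the control code, the ConfigInput body, the pool-slot size and the return codes are all hypothetical, and the vulnerable handler is shown beside the hardened one so the missing checks are explicit.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the IRP fields a Windows driver's
 * IRP_MJ_DEVICE_CONTROL dispatch routine reads (hypothetical layout). */
typedef struct {
    uint32_t    code;     /* IoControlCode */
    const void *in_buf;   /* SystemBuffer (METHOD_BUFFERED); NULL if none supplied */
    size_t      in_len;   /* InputBufferLength as declared by the caller */
} IoctlRequest;

#define IOCTL_SET_CONFIG 0x222000u   /* hypothetical control code */

/* Hypothetical request body the control code expects. */
typedef struct {
    uint32_t flags;
    uint32_t name_len;   /* caller-supplied length of 'name' */
    char     name[16];
} ConfigInput;

enum { POOL_SLOT = 16 };
static char     g_pool_slot[POOL_SLOT];  /* stands in for a fixed-size pool allocation */
static uint32_t g_flags;

/* Return codes standing in for NTSTATUS values. */
enum { IO_OK = 0, IO_INVALID_REQUEST = -1, IO_BUFFER_TOO_SMALL = -2, IO_INVALID_PARAM = -3 };

/* Vulnerable pattern: trusts the user-mode buffer pointer and the length
 * fields without checking them (CWE-476 and CWE-119 in one handler). */
int dispatch_vulnerable(const IoctlRequest *req)
{
    if (req->code != IOCTL_SET_CONFIG)
        return IO_INVALID_REQUEST;
    const ConfigInput *in = req->in_buf;
    g_flags = in->flags;                           /* NULL buffer -> kernel NULL dereference */
    memcpy(g_pool_slot, in->name, in->name_len);   /* name_len > 16 -> pool overflow */
    return IO_OK;
}

/* Hardened: confirm the buffer exists, the declared length covers the struct,
 * and the embedded length fits both the source field and the destination. */
int dispatch_hardened(const IoctlRequest *req)
{
    if (req->code != IOCTL_SET_CONFIG)
        return IO_INVALID_REQUEST;
    if (req->in_buf == NULL || req->in_len < sizeof(ConfigInput))
        return IO_BUFFER_TOO_SMALL;
    const ConfigInput *in = req->in_buf;
    if (in->name_len > sizeof in->name || in->name_len > sizeof g_pool_slot)
        return IO_INVALID_PARAM;
    g_flags = in->flags;
    memcpy(g_pool_slot, in->name, in->name_len);
    return IO_OK;
}

uint32_t current_flags(void) { return g_flags; }

int main(void)
{
    /* Constructed sample requests. */
    ConfigInput good = { .flags = 1, .name_len = 5, .name = "hello" };
    ConfigInput bad  = { .flags = 1, .name_len = 0xFFFF, .name = "xxxxx" };
    IoctlRequest r_ok   = { IOCTL_SET_CONFIG, &good, sizeof good };
    IoctlRequest r_null = { IOCTL_SET_CONFIG, NULL,  0 };
    IoctlRequest r_big  = { IOCTL_SET_CONFIG, &bad,  sizeof bad };

    printf("hardened(valid)      = %d\n", dispatch_hardened(&r_ok));
    printf("hardened(NULL buf)   = %d\n", dispatch_hardened(&r_null));
    printf("hardened(bad length) = %d\n", dispatch_hardened(&r_big));
    /* dispatch_vulnerable(&r_null) would dereference NULL and dispatch_vulnerable(&r_big)
     * would write past g_pool_slot; only the well-formed request is safe to run here. */
    printf("vulnerable(valid)    = %d\n", dispatch_vulnerable(&r_ok));
    return 0;
}
```

The two length checks in the hardened handler are distinct: `in_len < sizeof(ConfigInput)` guards the read of the header itself (a short buffer would otherwise be read past its end), while the `name_len` comparison guards the copy into the pool allocation. A real driver would also bound any output buffer length and, for METHOD_NEITHER requests, probe the user address before touching it; those steps are outside this example.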
2017-06-09  CVE-2017-9523  Cross-site Scripting vulnerability in Sophos Web Appliance
  The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342.
  Access vector: network | Tags: sophos | CWE-79 | Risk: 4.3
2017-06-07  CVE-2016-9834  Cross-site Scripting vulnerability in Sophos Cyberoam Firmware
  An XSS vulnerability allows remote attackers to execute arbitrary client-side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4.
  Access vector: network | Tags: sophos | CWE-79 | Risk: 4.3
2017-03-30  CVE-2017-6412  Session Fixation vulnerability in Sophos Web Appliance
  In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.
  Access vector: network | Tags: sophos | CWE-384 | Risk: 6.8
2017-03-30  CVE-2017-6184  Command Injection vulnerability in Sophos Web Appliance
  In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303.
  Access vector: network | Complexity: low | Tags: sophos | CWE-77 | Risk: 6.5
2017-03-30  CVE-2017-6183  Command Injection vulnerability in Sophos Web Appliance
  In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314.
  Access vector: network | Complexity: low | Tags: sophos | CWE-77 | Risk: 6.5