Sophos vulnerabilities, medium risk

Each entry gives the publication date, CVE ID, title and CVSS base score (the "risk" column), followed by the description and then the attack vector, attack complexity, affected vendor(s) and CWE.

2018-01-12  CVE-2017-18014  Cross-site Scripting vulnerability in Sophos SFOS 15.01.0/16.5/17.0  CVSS 6.1
  An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3.
  Attack vector: network | Attack complexity: low | Vendor: Sophos | CWE-79

2017-09-13  CVE-2017-6007  Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos HitmanPro 3.7/3.7.20  CVSS 5.5
  A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to crash the OS via a malformed IOCTL call.
  Attack vector: local | Attack complexity: low | Vendor: Sophos | CWE-119

2017-06-09  CVE-2017-9523  Cross-site Scripting vulnerability in Sophos Web Appliance  CVSS 6.1
  The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342.
  Attack vector: network | Attack complexity: low | Vendor: Sophos | CWE-79

2017-06-07  CVE-2016-9834  Cross-site Scripting vulnerability in Sophos Cyberoam Firmware 10.6.4  CVSS 6.1
  An XSS vulnerability allows remote attackers to execute arbitrary client-side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4.
  Attack vector: network | Attack complexity: low | Vendor: Sophos | CWE-79

2017-03-30  CVE-2017-6184  Command Injection vulnerability in Sophos Web Appliance  CVSS 4.7
  In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303.
  Attack vector: network | Attack complexity: low | Vendor: Sophos | CWE-77

2016-10-03  CVE-2016-7442  Information Exposure vulnerability in Sophos Unified Threat Management Software  CVSS 4.4
  The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in the "system settings / scan settings / anti spam" configuration tab.
  Attack vector: local | Attack complexity: low | Vendor: Sophos | CWE-200

2016-10-03  CVE-2016-7397  Information Exposure vulnerability in Sophos Unified Threat Management Software  CVSS 4.4
  The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.
  Attack vector: local | Attack complexity: low | Vendor: Sophos | CWE-200

2016-04-06  CVE-2016-3968  Cross-site Scripting vulnerability in Sophos Cyberoam UTM appliances  CVSS 6.1
  Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35iNG UTM appliance with firmware 10.6.2 Build 378 allow remote attackers to inject arbitrary web script or HTML via the (1) ipFamily parameter to corporate/webpages/trafficdiscovery/LiveConnections.jsp; the (2) ipFamily, (3) applicationname, or (4) username parameter to corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp; or the (5) X-Forwarded-For HTTP header.
  Attack vector: network | Attack complexity: low | Vendor: Sophos | CWE-79
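
The parameter and header names in the CVE-2016-3968 entry are specific enough to hunt for in the appliance's web access logs. The following is an added example written for this page, not code from Sophos or from the advisory: it scans constructed access-log lines (the layout, combined log format with the X-Forwarded-For value appended as a final quoted field, is an assumption about your log pipeline) and flags requests whose ipFamily, applicationname or username values on the two named JSP pages, or whose X-Forwarded-For header, carry markup or script markers. The table of watched pages is the only thing to edit for other reflected-parameter bugs; the UTM UserPortal lang parameter from CVE-2016-2046 below can be added once you know its path on your build.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Pages and parameters taken from the CVE-2016-3968 advisory text.
WATCHED = {
    "/corporate/webpages/trafficdiscovery/LiveConnections.jsp": {"ipFamily"},
    "/corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp": {
        "ipFamily", "applicationname", "username"},
}

# Markers that have no business in an IP-family selector, an application name,
# a username or a forwarded-for address. Deliberately narrow: the goal is a
# high-signal alert on these known-bad sinks, not a generic WAF rule.
SUSPECT = re.compile(r"<|>|javascript:|\bon\w+\s*=", re.IGNORECASE)

# Assumed log layout (constructed for this example): combined log format with
# the X-Forwarded-For header value appended as a last quoted field.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<xff>[^"]*)"$'
)

def suspicious_values(line):
    """Parse one log line; return (timestamp, source, hits) where hits is a list
    of (location, value) for values that look like injected markup, or None
    if the line does not match the assumed layout."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    hits = []
    params = WATCHED.get(url.path)
    if params:
        # parse_qs already URL-decodes once; unquote again to catch
        # double-encoded payloads that the appliance may decode a second time.
        for name, values in parse_qs(url.query, keep_blank_values=True).items():
            if name in params:
                for value in values:
                    value = unquote(value)
                    if SUSPECT.search(value):
                        hits.append(("param:" + name, value))
    # The header is checked on every request, not only the two pages above:
    # any page that echoes X-Forwarded-For is a candidate sink.
    xff = m.group("xff")
    if xff and xff != "-" and SUSPECT.search(unquote(xff)):
        hits.append(("header:X-Forwarded-For", xff))
    return (m.group("ts"), m.group("src"), hits)

def scan(lines):
    """Return the parsed records that produced at least one hit."""
    findings = []
    for line in lines:
        record = suspicious_values(line)
        if record and record[2]:
            findings.append(record)
    return findings

# Constructed sample: two benign requests, one parameter payload, one
# X-Forwarded-For payload, and one payload on a page we do not watch.
SAMPLE_LOG = """\
10.0.0.7 - - [12/Mar/2016:10:01:02 +0000] "GET /corporate/webpages/trafficdiscovery/LiveConnections.jsp?ipFamily=4 HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "-"
10.0.0.7 - - [12/Mar/2016:10:01:09 +0000] "GET /corporate/webpages/trafficdiscovery/LiveConnections.jsp?ipFamily=4%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5214 "-" "Mozilla/5.0" "-"
10.0.0.9 - - [12/Mar/2016:10:02:31 +0000] "GET /corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp?ipFamily=4&applicationname=SSH&username=bob HTTP/1.1" 200 2211 "-" "Mozilla/5.0" "203.0.113.5"
10.0.0.9 - - [12/Mar/2016:10:02:40 +0000] "GET /corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp?ipFamily=4&applicationname=SSH&username=bob HTTP/1.1" 200 2211 "-" "Mozilla/5.0" "203.0.113.5<img src=x onerror=alert(1)>"
10.0.0.9 - - [12/Mar/2016:10:03:00 +0000] "GET /corporate/webpages/login.jsp?username=%3Cb%3Ex HTTP/1.1" 200 900 "-" "Mozilla/5.0" "-"
""".splitlines()

if __name__ == "__main__":
    for ts, src, hits in scan(SAMPLE_LOG):
        for where, value in hits:
            print(f"{ts} {src} {where}: {value!r}")
```

Run it against real exports by replacing SAMPLE_LOG with the file's lines, after adjusting LOG_RE to the actual field order. Two reads of the output matter: a parameter hit with a 200 response is a reflected payload that was served, and an X-Forwarded-For hit from an internal source address usually means a proxy passed the header through untouched, which is worth fixing on its own.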

2016-02-17  CVE-2016-2046  Cross-site Scripting vulnerability in Sophos Unified Threat Management Software  CVSS 6.1
  Cross-site scripting (XSS) vulnerability in the UserPortal page in Sophos UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
  Attack vector: network | Attack complexity: low | Vendor: Sophos | CWE-79

2016-01-14  CVE-2016-0777  Information Exposure vulnerability in multiple products (OpenSSH client)  CVSS 6.5
  The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
  Attack vector: network | Attack complexity: low | Vendors: Sophos, Oracle, OpenBSD, HP, Apple | CWE-200
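
The CVE-2016-0777 entry is client-side: a malicious or compromised server asks the connecting client to resend buffered data, and the client leaks memory that can include a private key. The fix is OpenSSH 7.1p2, and the interim control is the directive "UseRoaming no" in ssh_config (the roaming feature was never implemented on the server side, so disabling it costs nothing). Because ssh_config uses the first value it obtains for an option, a global "UseRoaming no" placed before any Host or Match block cannot be overridden further down. The Python below is an added example, not code from the listing or from OpenSSH: it parses an ssh -V banner against the version range given above, and checks and rewrites a constructed ssh_config so the directive is the first, and therefore winning, value. Its caveat is that distribution packages backport fixes under old version strings, so treat the version test as a prompt to check further and the config test as the control you actually assert on.

```python
import re
import subprocess

VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")

def openssh_version(banner):
    """Parse 'OpenSSH_7.1p1, OpenSSL ...' (ssh -V output or a server banner)
    into (major, minor, portable_patch). A missing pN suffix, as on OpenBSD
    native builds, is treated as patch 0, which errs on the side of flagging."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch) if patch else 0)

def roaming_affected(banner):
    """True when the upstream version is in the range the advisory names:
    5.x, 6.x, or 7.x before 7.1p2. None if no OpenSSH version is present.
    Distribution builds may carry a backported fix under an old version
    string, so True means 'check the package changelog', not 'exploitable'."""
    v = openssh_version(banner)
    if v is None:
        return None
    major, minor, patch = v
    if major in (5, 6):
        return True
    if major == 7:
        return (minor, patch) < (1, 2)
    return False

# ssh_config accepts 'Keyword value' and 'Keyword=value'; comments start with #.
DIRECTIVE_RE = re.compile(r"^\s*UseRoaming\s*[=\s]\s*(\S+)", re.IGNORECASE)
BLOCK_RE = re.compile(r"^\s*(Host|Match)\b", re.IGNORECASE)

def roaming_disabled(config_text):
    """True if the global section of an ssh_config (everything before the first
    Host/Match block) sets UseRoaming to no. Because the first value wins,
    a later 'yes' cannot re-enable it. A 'no' that only appears inside a
    'Host *' block is deliberately not accepted here: it would work, but the
    global placement is the one this check can verify without evaluating
    host patterns."""
    for line in config_text.splitlines():
        if BLOCK_RE.match(line):
            return False
        m = DIRECTIVE_RE.match(line)
        if m:
            return m.group(1).lower() == "no"
    return False

def harden_ssh_config(config_text):
    """Return config_text with every existing UseRoaming directive removed and
    'UseRoaming no' placed first so it applies to every host. Idempotent."""
    kept = [line for line in config_text.splitlines() if not DIRECTIVE_RE.match(line)]
    return "\n".join(["UseRoaming no"] + kept) + "\n"

# Constructed ssh_config for the example: roaming explicitly enabled.
SAMPLE_CONFIG = """\
# constructed /etc/ssh/ssh_config for this example
UseRoaming yes
Host bastion
    HostName bastion.example.net
    ForwardAgent no
"""

if __name__ == "__main__":
    try:
        # ssh -V writes its banner to stderr.
        banner = subprocess.run(["ssh", "-V"], capture_output=True, text=True).stderr
        print(banner.strip(), "-> affected range:", roaming_affected(banner))
    except FileNotFoundError:
        print("ssh not found on this host")
    print("sample config disables roaming:", roaming_disabled(SAMPLE_CONFIG))
    print(harden_ssh_config(SAMPLE_CONFIG))
```

To apply the hardened text to a fleet, write it to /etc/ssh/ssh_config and rerun roaming_disabled over the deployed file as the compliance check; the version test alone will keep flagging patched distribution builds such as a 6.x package with the backported fix.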