Filtered by vendor Sophos
Subscribe
Total
162 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36692 | 1 Sophos | 1 Web Appliance | 2025-02-11 | N/A | 5.4 MEDIUM |
| A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA. | |||||
| CVE-2022-4934 | 1 Sophos | 1 Web Appliance | 2025-02-11 | N/A | 7.2 HIGH |
| A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code. | |||||
| CVE-2010-5177 | 2 Microsoft, Sophos | 2 Windows Xp, Sophos Endpoint Security And Control | 2024-08-07 | 6.2 MEDIUM | N/A |
| Race condition in Sophos Endpoint Security and Control 9.0.5 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: the vendor disputes this issue because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute | |||||
| CVE-2004-2252 | 1 Sophos | 1 Astaro Security Linux | 2024-02-13 | 5.0 MEDIUM | N/A |
| The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks. | |||||
| CVE-2021-36806 | 1 Sophos | 1 Email Appliance | 2023-12-05 | N/A | 6.1 MEDIUM |
| A reflected XSS vulnerability allows an open redirect when the victim clicks a malicious link to an error page on Sophos Email Appliance older than version 4.5.3.4. | |||||
| CVE-2023-33336 | 1 Sophos | 1 Web Appliance | 2023-11-07 | N/A | 4.8 MEDIUM |
| Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes. | |||||
| CVE-2023-33335 | 1 Sophos | 1 Iview | 2023-11-07 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was December 31st 2020) in grpname parameter that allows arbitrary script to be executed. | |||||
| CVE-2022-0652 | 1 Sophos | 1 Unified Threat Management | 2023-11-07 | 2.1 LOW | 7.8 HIGH |
| Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710. | |||||
| CVE-2023-5552 | 1 Sophos | 1 Firewall | 2023-10-25 | N/A | 7.5 HIGH |
| A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”. | |||||
| CVE-2022-0331 | 1 Sophos | 1 Sfos | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older. | |||||
| CVE-2015-7547 | 10 Canonical, Debian, F5 and 7 more | 30 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 27 more | 2023-02-12 | 6.8 MEDIUM | 8.1 HIGH |
| Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. | |||||
| CVE-2018-3970 | 1 Sophos | 1 Hitmanpro.alert | 2023-02-02 | 2.1 LOW | 5.5 MEDIUM |
| An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability. | |||||
| CVE-2018-3971 | 1 Sophos | 1 Hitmanpro.alert | 2023-02-02 | 7.2 HIGH | 7.8 HIGH |
| An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to write data under controlled by an attacker address, resulting in memory corruption. An attacker can send IRP request to trigger this vulnerability. | |||||
| CVE-2020-14980 | 1 Sophos | 1 Sophos Secure Email | 2023-01-27 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation. | |||||
| CVE-2016-8732 | 1 Sophos | 1 Invincea Dell Protected Workspace | 2022-12-14 | 4.6 MEDIUM | 7.8 HIGH |
| Multiple security flaws exists in InvProtectDrv.sys which is a part of Invincea Dell Protected Workspace 5.1.1-22303. Weak restrictions on the driver communication channel and additional insufficient checks allow any application to turn off some of the protection mechanisms provided by the Invincea product. | |||||
| CVE-2016-9038 | 1 Sophos | 1 Invincea-x | 2022-12-13 | 4.4 MEDIUM | 7.8 HIGH |
| An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corruption, which could result in privilege escalation. An attacker needs to execute a special application locally to trigger this vulnerability. | |||||
| CVE-2016-0777 | 5 Apple, Hp, Openbsd and 2 more | 7 Mac Os X, Remote Device Access Virtual Customer Access System, Openssh and 4 more | 2022-12-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. | |||||
| CVE-2016-0778 | 5 Apple, Hp, Openbsd and 2 more | 6 Mac Os X, Virtual Customer Access System, Openssh and 3 more | 2022-12-13 | 4.6 MEDIUM | 8.1 HIGH |
| The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. | |||||
| CVE-2021-36809 | 1 Sophos | 1 Ssl Vpn Client | 2022-07-12 | 3.6 LOW | 6.0 MEDIUM |
| A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client. | |||||
| CVE-2021-25264 | 1 Sophos | 2 Home, Intercept X | 2022-07-12 | 7.2 HIGH | 6.7 MEDIUM |
| In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges. | |||||