VYPR

Vendor CVEs

Sophos

All CVEs

166 total · sorted by risk
  • CVE-2009-20011CriAug 30, 2025
    risk 0.73cvss epss 0.01

    ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 are vulnerable to remote command execution due to insecure handling of file uploads via the mimencode CGI utility. The vulnerability allows unauthenticated attackers to upload and execute…

  • CVE-2017-6315CriSep 19, 2017
    risk 0.68cvss 9.8epss 0.17

    Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx.

  • CVE-2017-6182CriMar 30, 2017
    risk 0.68cvss 9.8epss 0.17

    In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.

  • CVE-2012-6706CriJun 22, 2017
    risk 0.65cvss 9.8epss 0.10

    A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a…

  • CVE-2025-10159CriSep 9, 2025
    risk 0.64cvss 9.8epss 0.01

    An authentication bypass vulnerability allows remote attackers to gain administrative privileges on Sophos AP6 Series Wireless Access Points older than firmware version 1.7.2563 (MR7).

  • CVE-2015-7547HigFeb 18, 2016
    risk 0.63cvss 8.1epss 0.90

    Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS…

  • CVE-2016-7786HigApr 7, 2017
    risk 0.61cvss 8.8epss 0.07

    Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5.

  • CVE-2025-7433HigJul 17, 2025
    risk 0.57cvss 8.8epss 0.00

    A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2025.1 and older allows arbitrary code execution.

  • CVE-2024-13972HigJul 17, 2025
    risk 0.57cvss 8.8epss 0.00

    A vulnerability related to registry permissions in the Intercept X for Windows updater prior to Core Agent version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product upgrade.

  • CVE-2024-8885HigOct 2, 2024
    risk 0.57cvss 8.8epss 0.00

    A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2024.2.0 and older allows writing of arbitrary files.

  • CVE-2017-6412HigMar 30, 2017
    risk 0.56cvss 8.1epss 0.08

    In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.

  • CVE-2016-6597HigAug 10, 2016
    risk 0.56cvss 8.6epss 0.04

    Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the resource, aka an Open Reverse Proxy vulnerability.

  • CVE-2018-9233HigApr 5, 2018
    risk 0.54cvss 7.8epss 0.02

    Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow…

  • CVE-2017-6008HigSep 13, 2017
    risk 0.54cvss 7.8epss 0.02

    A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate privileges via a malformed IOCTL call.

  • CVE-2016-0778HigJan 14, 2016
    risk 0.54cvss 8.1epss 0.20

    The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a…

  • CVE-2016-9554HigJan 28, 2017
    risk 0.52cvss 7.2epss 0.24

    The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occur in MgrDiagnosticTools.php (/controllers/MgrDiagnosticTools.php), in the…

  • CVE-2018-6857HigJul 9, 2018
    risk 0.51cvss 7.8epss 0.01

    Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x802022E0. By crafting an input buffer we can control the execution path to the point where the constant 0x12…

  • CVE-2018-6856HigJul 9, 2018
    risk 0.51cvss 7.8epss 0.01

    Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x8020601C. By crafting an input buffer we can control the execution path to the point where a global variable…

  • CVE-2018-6855HigJul 9, 2018
    risk 0.51cvss 7.8epss 0.01

    Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202014. By crafting an input buffer we can control the execution path to the point where the constant…

  • CVE-2018-6854HigJul 9, 2018
    risk 0.51cvss 7.8epss 0.01

    Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via multiple IOCTLs, e.g., 0x8810200B, 0x8810200F, 0x8810201B, 0x8810201F, 0x8810202B, 0x8810202F, 0x8810203F, 0x8810204B,…

  • CVE-2018-6853HigJul 9, 2018
    risk 0.51cvss 7.8epss 0.01

    Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206024. By crafting an input buffer we can control the execution path to the point where a global variable…

  • CVE-2018-6852HigJul 9, 2018
    risk 0.51cvss 7.8epss 0.01

    Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202298. By crafting an input buffer we can control the execution path to the point where the nt!memset…

  • CVE-2018-6851HigJul 9, 2018
    risk 0.51cvss 7.8epss 0.01

    Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206040. By crafting an input buffer we can control the execution path to the point where the constant DWORD 0…

  • CVE-2018-6318HigFeb 2, 2018
    risk 0.51cvss 7.8epss 0.01

    In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its…

  • CVE-2017-7441HigSep 13, 2017
    risk 0.51cvss 7.8epss 0.00

    In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some…

  • CVE-2016-9553HigJan 28, 2017
    risk 0.51cvss 7.2epss 0.19

    The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP…

  • CVE-2025-7472HigJul 17, 2025
    risk 0.49cvss 7.5epss 0.00

    A local privilege escalation vulnerability in the Intercept X for Windows installer prior version 1.22 can lead to a local user gaining system level privileges, if the installer is run as SYSTEM.

  • CVE-2015-8605MedJan 14, 2016
    risk 0.48cvss 6.5epss 0.76

    ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.

  • CVE-2017-6183HigMar 30, 2017
    risk 0.47cvss 7.2epss 0.03

    In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314.

  • CVE-2016-0777MedJan 14, 2016
    risk 0.47cvss 6.5epss 0.63

    The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

  • CVE-2014-2005MedJun 25, 2014
    risk 0.44cvss 6.8epss 0.01

    Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a…

  • CVE-2016-9834MedJun 7, 2017
    risk 0.43cvss 6.1epss 0.02

    An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is required to exploit this vulnerability in that the target must visit a malicious…

  • CVE-2016-6217MedJan 26, 2018
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2017-18014MedJan 12, 2018
    risk 0.40cvss 6.1epss 0.02

    An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page (Control Center -> Log Viewer -> in the filter option "Web Server…

  • CVE-2017-9523MedJun 9, 2017
    risk 0.40cvss 6.1epss 0.01

    The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342.

  • CVE-2016-3968MedApr 6, 2016
    risk 0.40cvss 6.1epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35iNG UTM appliance with firmware 10.6.2 Build 378 allow remote attackers to inject…

  • CVE-2016-2046MedFeb 17, 2016
    risk 0.40cvss 6.1epss 0.03

    Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

  • CVE-2018-6319MedFeb 2, 2018
    risk 0.36cvss 5.5epss 0.00

    In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. This argument is a memory address: if a caller passes a NULL pointer or a random invalid address, the driver will cause a Blue Screen of Death. If a program or…

  • CVE-2017-6007MedSep 13, 2017
    risk 0.36cvss 5.5epss 0.00

    A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to crash the OS via a malformed IOCTL call.

  • CVE-2017-6184MedMar 30, 2017
    risk 0.31cvss 4.7epss 0.03

    In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303.

  • CVE-2016-7442MedOct 3, 2016
    risk 0.29cvss 4.4epss 0.01

    The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab.

  • CVE-2016-7397MedOct 3, 2016
    risk 0.29cvss 4.4epss 0.01

    The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.

  • CVE-2023-1671KEVApr 4, 2023
    risk 0.23cvss epss 1.00

    A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.

  • CVE-2022-1040KEVMar 25, 2022
    risk 0.23cvss epss 1.00

    An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.

  • CVE-2020-25223KEVSep 25, 2020
    risk 0.23cvss epss 0.97

    A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11

  • CVE-2022-3236KEVSep 23, 2022
    risk 0.19cvss epss 0.99

    A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.

  • CVE-2013-4983Sep 10, 2013
    risk 0.10cvss epss 0.90

    The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.

  • CVE-2013-2641Mar 18, 2014
    risk 0.09cvss epss 0.71

    Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter.

  • CVE-2014-2850Apr 11, 2014
    risk 0.08cvss epss 0.58

    The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.

  • CVE-2014-2849Apr 11, 2014
    risk 0.08cvss epss 0.61

    The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.

Page 1 of 4