Filtered by vendor Sophos
Subscribe
Total
152 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-1456 | 18 Aladdin, Avg, Cat and 15 more | 20 Esafe, Avg Anti-virus, Quick Heal and 17 more | 2017-08-28 | 4.3 MEDIUM | N/A |
The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a TAR file with an appended ZIP file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. | |||||
CVE-2012-1427 | 3 Cat, Norman, Sophos | 3 Quick Heal, Norman Antivirus \& Antispyware, Sophos Anti-virus | 2017-08-28 | 4.3 MEDIUM | N/A |
The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \57\69\6E\5A\69\70 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. | |||||
CVE-2008-7105 | 1 Sophos | 1 Puremessage For Microsoft Exchange | 2017-08-16 | 5.0 MEDIUM | N/A |
Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (EdgeTransport.exe termination) via a TNEF-encoded message with a crafted rich text body that is not properly handled during conversion to plain text. NOTE: this might be related to CVE-2008-7104. | |||||
CVE-2008-7104 | 1 Sophos | 1 Puremessage For Microsoft Exchange | 2017-08-16 | 5.0 MEDIUM | N/A |
Sophos PureMessage Scanner service (PMScanner.exe) in PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (message queue delay and incomplete spam rule update) via a crafted (1) RTF or (2) PDF file. | |||||
CVE-2008-6904 | 1 Sophos | 2 Anti-virus, Anti-virus7.6.3 | 2017-08-16 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for Linux, and possibly other products and versions, allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via crafted files that have been packed with (1) armadillo, (2) asprotect, or (3) asprotectSKE. | |||||
CVE-2008-7106 | 1 Sophos | 1 Puremessage For Microsoft Exchange | 2017-08-16 | 5.0 MEDIUM | N/A |
The installation of Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2, when both anti-virus and anti-spam are supported, does not create or launch the associated scan engines when the system is under heavy load, which has unspecified impact, probably remote bypass of scanner protection or a denial of service (message loss or delay). | |||||
CVE-2008-3177 | 1 Sophos | 5 Email Appliance, Es1000, Es4000 and 2 more | 2017-08-07 | 5.0 MEDIUM | N/A |
Sophos virus detection engine 2.75 on Linux and Unix, as used in Sophos Email Appliance, Pure Message for Unix, and Sophos Anti-Virus Interface (SAVI), allows remote attackers to cause a denial of service (engine crash) via zero-length MIME attachments. | |||||
CVE-2007-4787 | 1 Sophos | 2 Scanning Engine, Sophos Anti-virus | 2017-07-28 | 5.0 MEDIUM | N/A |
The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection. | |||||
CVE-2006-4839 | 1 Sophos | 1 Sophos Anti-virus | 2017-07-19 | 5.0 MEDIUM | N/A |
Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections. | |||||
CVE-2005-2768 | 1 Sophos | 1 Sophos Anti-virus | 2017-07-10 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the Sophos Antivirus Library, as used by Sophos Antivirus, PureMessage, MailMonitor, and other products, allows remote attackers to execute arbitrary code via a Visio file with a crafted sub record length. | |||||
CVE-2005-1530 | 1 Sophos | 5 Sophos Anti-virus, Sophos Mailmonitor, Sophos Mailmonitor For Notes Domino and 2 more | 2017-07-10 | 5.0 MEDIUM | N/A |
Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a Bzip2 archive with a large 'Extra field length' value. | |||||
CVE-2005-1551 | 1 Sophos | 1 Sophos Anti-virus | 2017-07-10 | 5.1 MEDIUM | N/A |
Sophos Anti-Virus 3.93 does not check downloaded files for viruses when they have only been written, which creates a race condition and may allow remote attackers to bypass virus protection if the file is executed before the antivirus starts on system reboot. | |||||
CVE-2004-2075 | 1 Sophos | 1 Sophos Anti-virus | 2017-07-10 | 5.0 MEDIUM | N/A |
Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of service (infinite loop) via a MIME header that is not properly terminated. | |||||
CVE-2004-2088 | 1 Sophos | 1 Sophos Anti-virus | 2017-07-10 | 5.0 MEDIUM | N/A |
Sophos Anti-Virus 3.78 allows remote attackers to bypass virus scanning by using a qmail generated Delivery Status Notification (DSN) where the original email is not included in the bounce message. | |||||
CVE-2004-0552 | 1 Sophos | 1 Small Business Suite | 2017-07-10 | 7.5 HIGH | N/A |
Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed. | |||||
CVE-2017-9523 | 1 Sophos | 1 Web Appliance | 2017-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342. | |||||
CVE-2016-9834 | 1 Sophos | 2 Cyberoam, Cyberoam Firmware | 2017-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of a request to the "LiveConnectionDetail.jsp" application. GET parameters "applicationname" and "username" are improperly sanitized allowing an attacker to inject arbitrary JavaScript into the page. This can be abused by an attacker to perform a cross-site scripting attack on the user. A vulnerable URI is /corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp. | |||||
CVE-2017-6412 | 1 Sophos | 1 Web Appliance | 2017-04-14 | 6.8 MEDIUM | 8.1 HIGH |
In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. | |||||
CVE-2017-6184 | 1 Sophos | 1 Web Appliance | 2017-04-04 | 6.5 MEDIUM | 4.7 MEDIUM |
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303. | |||||
CVE-2017-6183 | 1 Sophos | 1 Web Appliance | 2017-04-04 | 6.5 MEDIUM | 7.2 HIGH |
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314. |