Scanning Engine
by Sophos
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-4578 | 0.01 | — | 0.07 | Aug 28, 2007 | Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an "integer cast around". NOTE: as of 20070828, the vendor says this is… | |||
| CVE-2006-6335 | 0.01 | — | 0.12 | Dec 12, 2006 | Multiple buffer overflows in Sophos Anti-Virus scanning engine before 2.40 allow remote attackers to execute arbitrary code via (1) a SIT archive with a long filename that is not null-terminated, which triggers a heap-based overflow in veex.dll due to improper length… | |||
| CVE-2014-1213 | 0.00 | — | 0.01 | Feb 10, 2014 | Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9.7.x before 9.7.9, 10.0.x before 10.0.11, and 10.3.x before 10.3.1 does not set an ACL for certain global and session objects, which allows local users to bypass anti-virus protection, cause a denial of service… | |||
| CVE-2007-4787 | 0.00 | — | 0.06 | Sep 10, 2007 | The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection. | |||
| CVE-2007-4577 | 0.00 | — | 0.06 | Aug 28, 2007 | Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb"). |
- CVE-2007-4578Aug 28, 2007risk 0.01cvss —epss 0.07
Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an "integer cast around". NOTE: as of 20070828, the vendor says this is…
- CVE-2006-6335Dec 12, 2006risk 0.01cvss —epss 0.12
Multiple buffer overflows in Sophos Anti-Virus scanning engine before 2.40 allow remote attackers to execute arbitrary code via (1) a SIT archive with a long filename that is not null-terminated, which triggers a heap-based overflow in veex.dll due to improper length…
- CVE-2014-1213Feb 10, 2014risk 0.00cvss —epss 0.01
Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9.7.x before 9.7.9, 10.0.x before 10.0.11, and 10.3.x before 10.3.1 does not set an ACL for certain global and session objects, which allows local users to bypass anti-virus protection, cause a denial of service…
- CVE-2007-4787Sep 10, 2007risk 0.00cvss —epss 0.06
The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection.
- CVE-2007-4577Aug 28, 2007risk 0.00cvss —epss 0.06
Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb").