Anti Virus
by Sophos
CVEs (48)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-4512 | 0.00 | — | 0.05 | Sep 10, 2007 | Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not… | |||
| CVE-2007-4577 | 0.00 | — | 0.06 | Aug 28, 2007 | Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb"). | |||
| CVE-2006-4839 | 0.00 | — | 0.03 | Nov 1, 2006 | Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections. | |||
| CVE-2005-3382 | 0.00 | — | 0.04 | Oct 30, 2005 | Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type… | |||
| CVE-2005-3216 | 0.00 | — | 0.05 | Oct 14, 2005 | Multiple interpretation error in unspecified versions of Sophos Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar… | |||
| CVE-2005-1530 | 0.00 | — | 0.06 | Jul 19, 2005 | Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a Bzip2 archive with a large 'Extra field length' value. | |||
| CVE-2005-1551 | 0.00 | — | 0.04 | May 14, 2005 | Sophos Anti-Virus 3.93 does not check downloaded files for viruses when they have only been written, which creates a race condition and may allow remote attackers to bypass virus protection if the file is executed before the antivirus starts on system reboot. | |||
| CVE-2004-2075 | 0.00 | — | 0.02 | Dec 31, 2004 | Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of service (infinite loop) via a MIME header that is not properly terminated. |
- CVE-2007-4512Sep 10, 2007risk 0.00cvss —epss 0.05
Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not…
- CVE-2007-4577Aug 28, 2007risk 0.00cvss —epss 0.06
Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb").
- CVE-2006-4839Nov 1, 2006risk 0.00cvss —epss 0.03
Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections.
- CVE-2005-3382Oct 30, 2005risk 0.00cvss —epss 0.04
Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type…
- CVE-2005-3216Oct 14, 2005risk 0.00cvss —epss 0.05
Multiple interpretation error in unspecified versions of Sophos Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar…
- CVE-2005-1530Jul 19, 2005risk 0.00cvss —epss 0.06
Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a Bzip2 archive with a large 'Extra field length' value.
- CVE-2005-1551May 14, 2005risk 0.00cvss —epss 0.04
Sophos Anti-Virus 3.93 does not check downloaded files for viruses when they have only been written, which creates a race condition and may allow remote attackers to bypass virus protection if the file is executed before the antivirus starts on system reboot.
- CVE-2004-2075Dec 31, 2004risk 0.00cvss —epss 0.02
Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of service (infinite loop) via a MIME header that is not properly terminated.
Page 3 of 3