Sophos

All CVEs

166 total · sorted by risk
  • CVE-2010-2308 · Jun 16, 2010
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in the filter driver (savonaccessfilter.sys) in Sophos Anti-Virus before 7.6.20 allows local users to gain privileges via crafted arguments to the NtQueryAttributesFile function.

  • CVE-2008-7106 · Aug 27, 2009
    risk 0.00 · cvss · epss 0.03

    The installation of Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2, when both anti-virus and anti-spam are supported, does not create or launch the associated scan engines when the system is under heavy load, which has unspecified impact, probably remote bypass of…

  • CVE-2008-7105 · Aug 27, 2009
    risk 0.00 · cvss · epss 0.03

    Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (EdgeTransport.exe termination) via a TNEF-encoded message with a crafted rich text body that is not properly handled during conversion to plain text. NOTE: this…

  • CVE-2008-7104 · Aug 27, 2009
    risk 0.00 · cvss · epss 0.03

    Sophos PureMessage Scanner service (PMScanner.exe) in PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (message queue delay and incomplete spam rule update) via a crafted (1) RTF or (2) PDF file.

  • CVE-2008-3177 · Jul 15, 2008
    risk 0.00 · cvss · epss 0.05

    Sophos virus detection engine 2.75 on Linux and Unix, as used in Sophos Email Appliance, Pure Message for Unix, and Sophos Anti-Virus Interface (SAVI), allows remote attackers to cause a denial of service (engine crash) via zero-length MIME attachments.

  • CVE-2008-1737 · Apr 30, 2008
    risk 0.00 · cvss · epss 0.01

    Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime Behavioural Analysis is enabled, allows local users to cause a denial of service (reboot with the product disabled) and possibly gain privileges via a zero value in a certain length field in the ObjectAttributes…

  • CVE-2007-4787 · Sep 10, 2007
    risk 0.00 · cvss · epss 0.06

    The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection.

  • CVE-2007-4512 · Sep 10, 2007
    risk 0.00 · cvss · epss 0.05

    Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not…

  • CVE-2007-4577 · Aug 28, 2007
    risk 0.00 · cvss · epss 0.06

    Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb").

  • CVE-2006-4839 · Nov 1, 2006
    risk 0.00 · cvss · epss 0.03

    Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections.

  • CVE-2005-3382 · Oct 30, 2005
    risk 0.00 · cvss · epss 0.04

    Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type…

  • CVE-2005-3216 · Oct 14, 2005
    risk 0.00 · cvss · epss 0.05

    Multiple interpretation error in unspecified versions of Sophos Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar…

  • CVE-2005-1530 · Jul 19, 2005
    risk 0.00 · cvss · epss 0.06

    Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a Bzip2 archive with a large 'Extra field length' value.

  • CVE-2005-1551 · May 14, 2005
    risk 0.00 · cvss · epss 0.04

    Sophos Anti-Virus 3.93 does not check downloaded files for viruses when they have only been written, which creates a race condition and may allow remote attackers to bypass virus protection if the file is executed before the antivirus starts on system reboot.

  • CVE-2004-2252 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.04

    The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks.

  • CVE-2004-2075 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of service (infinite loop) via a MIME header that is not properly terminated.

Page 4 of 4