Vendor CVEs
Sophos
All CVEs
166 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-2308 | 0.00 | — | 0.01 | Jun 16, 2010 | Unspecified vulnerability in the filter driver (savonaccessfilter.sys) in Sophos Anti-Virus before 7.6.20 allows local users to gain privileges via crafted arguments to the NtQueryAttributesFile function. | |||
| CVE-2008-7106 | 0.00 | — | 0.03 | Aug 27, 2009 | The installation of Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2, when both anti-virus and anti-spam are supported, does not create or launch the associated scan engines when the system is under heavy load, which has unspecified impact, probably remote bypass of… | |||
| CVE-2008-7105 | 0.00 | — | 0.03 | Aug 27, 2009 | Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (EdgeTransport.exe termination) via a TNEF-encoded message with a crafted rich text body that is not properly handled during conversion to plain text. NOTE: this… | |||
| CVE-2008-7104 | 0.00 | — | 0.03 | Aug 27, 2009 | Sophos PureMessage Scanner service (PMScanner.exe) in PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (message queue delay and incomplete spam rule update) via a crafted (1) RTF or (2) PDF file. | |||
| CVE-2008-3177 | 0.00 | — | 0.05 | Jul 15, 2008 | Sophos virus detection engine 2.75 on Linux and Unix, as used in Sophos Email Appliance, Pure Message for Unix, and Sophos Anti-Virus Interface (SAVI), allows remote attackers to cause a denial of service (engine crash) via zero-length MIME attachments. | |||
| CVE-2008-1737 | 0.00 | — | 0.01 | Apr 30, 2008 | Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime Behavioural Analysis is enabled, allows local users to cause a denial of service (reboot with the product disabled) and possibly gain privileges via a zero value in a certain length field in the ObjectAttributes… | |||
| CVE-2007-4787 | 0.00 | — | 0.06 | Sep 10, 2007 | The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection. | |||
| CVE-2007-4512 | 0.00 | — | 0.05 | Sep 10, 2007 | Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not… | |||
| CVE-2007-4577 | 0.00 | — | 0.06 | Aug 28, 2007 | Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb"). | |||
| CVE-2006-4839 | 0.00 | — | 0.03 | Nov 1, 2006 | Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections. | |||
| CVE-2005-3382 | 0.00 | — | 0.04 | Oct 30, 2005 | Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type… | |||
| CVE-2005-3216 | 0.00 | — | 0.05 | Oct 14, 2005 | Multiple interpretation error in unspecified versions of Sophos Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar… | |||
| CVE-2005-1530 | 0.00 | — | 0.06 | Jul 19, 2005 | Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a Bzip2 archive with a large 'Extra field length' value. | |||
| CVE-2005-1551 | 0.00 | — | 0.04 | May 14, 2005 | Sophos Anti-Virus 3.93 does not check downloaded files for viruses when they have only been written, which creates a race condition and may allow remote attackers to bypass virus protection if the file is executed before the antivirus starts on system reboot. | |||
| CVE-2004-2252 | 0.00 | — | 0.04 | Dec 31, 2004 | The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks. | |||
| CVE-2004-2075 | 0.00 | — | 0.02 | Dec 31, 2004 | Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of service (infinite loop) via a MIME header that is not properly terminated. |
- CVE-2010-2308Jun 16, 2010risk 0.00cvss —epss 0.01
Unspecified vulnerability in the filter driver (savonaccessfilter.sys) in Sophos Anti-Virus before 7.6.20 allows local users to gain privileges via crafted arguments to the NtQueryAttributesFile function.
- CVE-2008-7106Aug 27, 2009risk 0.00cvss —epss 0.03
The installation of Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2, when both anti-virus and anti-spam are supported, does not create or launch the associated scan engines when the system is under heavy load, which has unspecified impact, probably remote bypass of…
- CVE-2008-7105Aug 27, 2009risk 0.00cvss —epss 0.03
Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (EdgeTransport.exe termination) via a TNEF-encoded message with a crafted rich text body that is not properly handled during conversion to plain text. NOTE: this…
- CVE-2008-7104Aug 27, 2009risk 0.00cvss —epss 0.03
Sophos PureMessage Scanner service (PMScanner.exe) in PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (message queue delay and incomplete spam rule update) via a crafted (1) RTF or (2) PDF file.
- CVE-2008-3177Jul 15, 2008risk 0.00cvss —epss 0.05
Sophos virus detection engine 2.75 on Linux and Unix, as used in Sophos Email Appliance, Pure Message for Unix, and Sophos Anti-Virus Interface (SAVI), allows remote attackers to cause a denial of service (engine crash) via zero-length MIME attachments.
- CVE-2008-1737Apr 30, 2008risk 0.00cvss —epss 0.01
Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime Behavioural Analysis is enabled, allows local users to cause a denial of service (reboot with the product disabled) and possibly gain privileges via a zero value in a certain length field in the ObjectAttributes…
- CVE-2007-4787Sep 10, 2007risk 0.00cvss —epss 0.06
The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection.
- CVE-2007-4512Sep 10, 2007risk 0.00cvss —epss 0.05
Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not…
- CVE-2007-4577Aug 28, 2007risk 0.00cvss —epss 0.06
Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb").
- CVE-2006-4839Nov 1, 2006risk 0.00cvss —epss 0.03
Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections.
- CVE-2005-3382Oct 30, 2005risk 0.00cvss —epss 0.04
Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type…
- CVE-2005-3216Oct 14, 2005risk 0.00cvss —epss 0.05
Multiple interpretation error in unspecified versions of Sophos Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar…
- CVE-2005-1530Jul 19, 2005risk 0.00cvss —epss 0.06
Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a Bzip2 archive with a large 'Extra field length' value.
- CVE-2005-1551May 14, 2005risk 0.00cvss —epss 0.04
Sophos Anti-Virus 3.93 does not check downloaded files for viruses when they have only been written, which creates a race condition and may allow remote attackers to bypass virus protection if the file is executed before the antivirus starts on system reboot.
- CVE-2004-2252Dec 31, 2004risk 0.00cvss —epss 0.04
The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks.
- CVE-2004-2075Dec 31, 2004risk 0.00cvss —epss 0.02
Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of service (infinite loop) via a MIME header that is not properly terminated.
Page 4 of 4