Sophos Anti-virus Security Vulnerabilities and Issues — Sophos Anti-virus CVE List

Lucene search

SophosSophos Anti-virus

10 matches found

CVE•added 2005/10/30 2:34 p.m.•44 views

CVE-2005-3382

Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be e...

5CVSS6.9AI score0.0367EPSS

CVE•added 2005/05/14 4:0 a.m.•43 views

CVE-2005-1551

Sophos Anti-Virus 3.93 does not check downloaded files for viruses when they have only been written, which creates a race condition and may allow remote attackers to bypass virus protection if the file is executed before the antivirus starts on system reboot.

5.1CVSS7.2AI score0.00772EPSS

CVE•added 2005/07/19 4:0 a.m.•41 views

CVE-2005-1530

Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a Bzip2 archive with a large 'Extra field length' value.

5CVSS6.6AI score0.05979EPSS

CVE•added 2005/10/14 10:2 a.m.•40 views

CVE-2005-3216

Multiple interpretation error in unspecified versions of Sophos Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even th...

5.1CVSS7AI score0.00917EPSS

CVE•added 2007/09/10 9:17 p.m.•39 views

CVE-2007-4787

The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection.

5CVSS6.7AI score0.01341EPSS

CVE•added 2005/05/19 4:0 a.m.•38 views

CVE-2004-2088

Sophos Anti-Virus 3.78 allows remote attackers to bypass virus scanning by using a qmail generated Delivery Status Notification (DSN) where the original email is not included in the bounce message.

5CVSS7.1AI score0.05692EPSS

CVE•added 2006/11/01 3:7 p.m.•37 views

CVE-2006-4839

Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections.

5CVSS6.6AI score0.01917EPSS

CVE•added 2008/07/15 6:41 p.m.•35 views

CVE-2008-3177

Sophos virus detection engine 2.75 on Linux and Unix, as used in Sophos Email Appliance, Pure Message for Unix, and Sophos Anti-Virus Interface (SAVI), allows remote attackers to cause a denial of service (engine crash) via zero-length MIME attachments.

5CVSS6.7AI score0.06048EPSS

CVE•added 2014/02/10 11:55 p.m.•34 views

CVE-2014-1213

Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9.7.x before 9.7.9, 10.0.x before 10.0.11, and 10.3.x before 10.3.1 does not set an ACL for certain global and session objects, which allows local users to bypass anti-virus protection, cause a denial of service (resource consumpti...

5.6CVSS6.5AI score0.00049EPSS

CVE•added 2006/02/01 2:0 a.m.•30 views

CVE-2005-4680

Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, and 5.x before 5.1.4 allow remote attackers to hide arbitrary files and data via crafted ARJ archives, which are not properly scanned.

5CVSS7.2AI score0.03191EPSS