Vulnerabilities (CVE)

Vendor filter

Sophos Subscribe

Filter

31 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-17059 1 Sophos 1 Cyberoamos 2019-10-16 10.0
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles.
CVE-2017-6182 1 Sophos 1 Web Appliance 2019-10-03 7.5
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.
CVE-2017-17023 2 Ncp-e, Sophos 2 Ncp Secure Entry Client, Ipsec Client 2019-10-03 9.3
The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure Entry Client" 10.11 r32792. A vulnerability in...
CVE-2018-16118 1 Sophos 1 Sfos 2019-06-25 9.3
A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header.
CVE-2018-16117 1 Sophos 1 Sfos 2019-06-24 9.0
A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter.
CVE-2012-6706 2 Sophos, Rarlab 2 Threat Detection Engine, Unrar 2018-10-21 10.0
A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in...
CVE-2006-0994 1 Sophos 1 Sophos Anti-virus 2018-10-18 7.5
Multiple Sophos Anti-Virus products, including Anti-Virus for Windows 5.x before 5.2.1 and 4.x before 4.05, when cabinet file inspection is enabled, allows remote attackers to execute arbitrary code via a CAB file with "invalid folder count...
CVE-2006-6335 1 Sophos 1 Sophos Anti-virus 2018-10-17 10.0
Multiple buffer overflows in Sophos Anti-Virus scanning engine before 2.40 allow remote attackers to execute arbitrary code via (1) a SIT archive with a long filename that is not null-terminated, which triggers a heap-based overflow in veex.dll...
CVE-2007-4577 1 Sophos 3 Small Business Suite, Anti-virus, Scanning Engine 2018-10-15 7.8
Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb").
CVE-2008-5541 1 Sophos 1 Anti-virus 2018-10-11 9.3
Sophos Anti-Virus 4.33.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no...
CVE-2016-7786 1 Sophos 1 Cyberoam Cr25ing Utm Firmware 2018-04-19 9.0
Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5.
CVE-2018-6318 1 Sophos 1 Sophos Tester 2018-02-15 9.3
In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any...
CVE-2017-6315 1 Sophos 1 Astaro Security Gateway Firmware 2017-09-27 10.0
Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx.
CVE-2008-6904 1 Sophos 2 Anti-virus7.6.3, Anti-virus 2017-08-17 10.0
Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for Linux, and possibly other products and versions, allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via crafted files that...
CVE-2005-2768 1 Sophos 1 Sophos Anti-virus 2017-07-11 7.5
Heap-based buffer overflow in the Sophos Antivirus Library, as used by Sophos Antivirus, PureMessage, MailMonitor, and other products, allows remote attackers to execute arbitrary code via a Visio file with a crafted sub record length.
CVE-2004-1096 9 Eset Software, Sophos, Rav Antivirus and 6 more 20 Etrust Ez Armor, Linux, Etrust Intrusion Detection and 17 more 2017-07-11 7.5
Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the...
CVE-2004-0937 10 Eset Software, Sophos, Archive Zip and 7 more 21 Etrust Ez Armor, Linux, Etrust Intrusion Detection and 18 more 2017-07-11 7.5
Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent...
CVE-2004-0936 10 Eset Software, Sophos, Archive Zip and 7 more 21 Etrust Ez Armor, Linux, Etrust Intrusion Detection and 18 more 2017-07-11 7.5
RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVE-2004-0935 10 Eset Software, Sophos, Archive Zip and 7 more 21 Etrust Ez Armor, Linux, Etrust Intrusion Detection and 18 more 2017-07-11 7.5
Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a...
CVE-2004-0934 10 Eset Software, Sophos, Archive Zip and 7 more 21 Etrust Ez Armor, Linux, Etrust Intrusion Detection and 18 more 2017-07-11 7.5
Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.