CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2008-6903
https://notcve.org/view.php?id=CVE-2008-6903
06 Aug 2009 — Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows NT/9x before 4.7.18, Anti-Virus for OS X before 4.9.18, Anti-Virus for Linux before 6.4.5, Anti-Virus for UNIX before 7.0.5, Anti-Virus for Unix and Netware before 4.37.0, Sophos EM Library, and Sophos small business solutions, when CAB archive scanning is enabled, allows remote attackers to cause a denial of service (segmentation fault) via a "fuzzed" CAB archive file, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Format... • http://marc.info/?l=bugtraq&m=122893252316489&w=2 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-5541
https://notcve.org/view.php?id=CVE-2008-5541
12 Dec 2008 — Sophos Anti-Virus 4.33.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. Sophos Anti-Virus v4.33.0, cuando se utiliza Internet Explorer 6 o 7, permite a atacantes remotos eludir la detección de malware en un documento HT... • http://securityreason.com/securityalert/4723 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 6%CPEs: 6EXPL: 0CVE-2008-3177
https://notcve.org/view.php?id=CVE-2008-3177
15 Jul 2008 — Sophos virus detection engine 2.75 on Linux and Unix, as used in Sophos Email Appliance, Pure Message for Unix, and Sophos Anti-Virus Interface (SAVI), allows remote attackers to cause a denial of service (engine crash) via zero-length MIME attachments. El motor de detección de Sophos 2.75 en Linux y Unix, descubierto en Sophos Email Appliance, Pure Message para Unix y Sophos Anti-Virus Interface (SAVI), permite a los atacantes remotos provocar una denegación de servicio (caída del engine) a través del adju... • http://secunia.com/advisories/31037 • CWE-16: Configuration •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-1737
https://notcve.org/view.php?id=CVE-2008-1737
29 Apr 2008 — Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime Behavioural Analysis is enabled, allows local users to cause a denial of service (reboot with the product disabled) and possibly gain privileges via a zero value in a certain length field in the ObjectAttributes argument to the NtCreateKey hooked System Service Descriptor Table (SSDT) function. Sophos Anti-Virus 7.0.5 y otras versiones 7.x, cuando está habilitado Runtime Behavioural Analysis, permite a usuarios locales provocar una denegación de ... • http://secunia.com/advisories/29996 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 35EXPL: 0CVE-2007-4787
https://notcve.org/view.php?id=CVE-2007-4787
10 Sep 2007 — The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection. El motor de detección de virus en Sophos Anti-Virus anterior a 2.49.0 no procesa adecuadamente los archivos malformados (1) CAB, (2) LZH, y (3) RAR con cabeceras modificadas, lo cual podría permitir a atacantes remotos evitar la detección de código malicioso. • http://osvdb.org/37988 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2007-4512
https://notcve.org/view.php?id=CVE-2007-4512
10 Sep 2007 — Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not properly handled by the print function in SavMain.exe. Una vulnerabilidad de tipo cross-site scripting (XSS) en Sophos Anti-Virus para Windows versiones 6.x anteriores a 6.5.8 y versiones 7.x anteriores a 7.0.1, permite a atacantes remotos ... • http://osvdb.org/37527 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 5%CPEs: 37EXPL: 0CVE-2007-4577
https://notcve.org/view.php?id=CVE-2007-4577
28 Aug 2007 — Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb"). Sophos Anti-Virus para Unix/Linux anterior a 2.48.0 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) mediante un archivo BZip mal formado que resulta en la creación de múltiples ficheros Engine temporales (también conocida como "bomba BZip"). • http://secunia.com/advisories/26580 • CWE-399: Resource Management Errors •
CVSS: 8.4EPSS: 8%CPEs: 37EXPL: 0CVE-2007-4578
https://notcve.org/view.php?id=CVE-2007-4578
28 Aug 2007 — Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an "integer cast around". NOTE: as of 20070828, the vendor says this is a DoS and the researcher says this allows code execution, but the researcher is reliable. Sophos Anti-Virus para Windows y para Unix/Linux anterior a 2.48.0 permite a atacantes remotos provocar una denegación de servicio (caída) y pos... • http://secunia.com/advisories/26580 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 12%CPEs: 1EXPL: 0CVE-2006-6335 – Sophos Anti-Virus SIT Archive Parsing Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-6335
12 Dec 2006 — Multiple buffer overflows in Sophos Anti-Virus scanning engine before 2.40 allow remote attackers to execute arbitrary code via (1) a SIT archive with a long filename that is not null-terminated, which triggers a heap-based overflow in veex.dll due to improper length calculation, and (2) a CPIO archive, with a long filename that is not null-terminated, which triggers a stack-based overflow in veex.dll. Múltiples desbordamientos de búfer en el motor de escaneo Sophos Anti-Virus en versiones anteriores a la 2... • http://secunia.com/advisories/23325 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2006-4839
https://notcve.org/view.php?id=CVE-2006-4839
01 Nov 2006 — Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections. Sophos Anti-Virus 5.1 permite a atacantes remotos provocar una denegación de servicio (agotamiento de memoria) mediante un fichero comprimido con Petite que contiene un gran número de secciones. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=438 •