CVSS: 7.5EPSS: 0%CPEs: 168EXPL: 0CVE-2010-1425
https://notcve.org/view.php?id=CVE-2010-1425
15 Apr 2010 — F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft Exchange 9 and earlier, and for MIMEsweeper 5.61 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, and for Linux 4.02 and earlier; Anti-Virus 2010 and earlier; Home Server Security 2009; Protection Service for Consumers 9 and earlier, for Business - Workstation security 9 and earlier, for Business - Server Security 8 and earlier, and for E-mail and Server security 9 and earlier; Mac Protection build 8060 and earlier; Client S... • http://secunia.com/advisories/39396 •
CVSS: 10.0EPSS: 6%CPEs: 7EXPL: 0CVE-2008-6904
https://notcve.org/view.php?id=CVE-2008-6904
06 Aug 2009 — Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for Linux, and possibly other products and versions, allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via crafted files that have been packed with (1) armadillo, (2) asprotect, or (3) asprotectSKE. Vulnerabilidad sin especificar en Sophos SAVScan v4.33.0 de Linux, y probablemente otros productos y versiones, permiten a atacantes remotos causar una denegación de servicio (falta de segment... • http://marc.info/?l=bugtraq&m=122893252316489&w=2 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2008-6903
https://notcve.org/view.php?id=CVE-2008-6903
06 Aug 2009 — Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows NT/9x before 4.7.18, Anti-Virus for OS X before 4.9.18, Anti-Virus for Linux before 6.4.5, Anti-Virus for UNIX before 7.0.5, Anti-Virus for Unix and Netware before 4.37.0, Sophos EM Library, and Sophos small business solutions, when CAB archive scanning is enabled, allows remote attackers to cause a denial of service (segmentation fault) via a "fuzzed" CAB archive file, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Format... • http://marc.info/?l=bugtraq&m=122893252316489&w=2 • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 0%CPEs: 19EXPL: 0CVE-2009-1782
https://notcve.org/view.php?id=CVE-2009-1782
22 May 2009 — Multiple F-Secure anti-virus products, including Anti-Virus for Microsoft Exchange 7.10 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, Windows 6.61 and earlier, and Linux 2.16 and earlier; Internet Security 2009 and earlier, Anti-Virus 2009 and earlier, Client Security 8.0 and earlier, and others; allow remote attackers to bypass malware detection via a crafted (1) ZIP and (2) RAR archive. Múltiples productos antivirus F-Secure, incluidos: Anti-Virus for Microsoft Exchange v7.10 y anteriores... • http://secunia.com/advisories/35008 •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-5526
https://notcve.org/view.php?id=CVE-2008-5526
12 Dec 2008 — DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. DrWeb Anti-virus v4.44.0.09170, cuando se utiliza Internet Explorer 6 o 7, permite a atacantes remotos eludir la detección de malware en un do... • http://securityreason.com/securityalert/4723 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-5541
https://notcve.org/view.php?id=CVE-2008-5541
12 Dec 2008 — Sophos Anti-Virus 4.33.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. Sophos Anti-Virus v4.33.0, cuando se utiliza Internet Explorer 6 o 7, permite a atacantes remotos eludir la detección de malware en un documento HT... • http://securityreason.com/securityalert/4723 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-1737
https://notcve.org/view.php?id=CVE-2008-1737
29 Apr 2008 — Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime Behavioural Analysis is enabled, allows local users to cause a denial of service (reboot with the product disabled) and possibly gain privileges via a zero value in a certain length field in the ObjectAttributes argument to the NtCreateKey hooked System Service Descriptor Table (SSDT) function. Sophos Anti-Virus 7.0.5 y otras versiones 7.x, cuando está habilitado Runtime Behavioural Analysis, permite a usuarios locales provocar una denegación de ... • http://secunia.com/advisories/29996 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2007-4512
https://notcve.org/view.php?id=CVE-2007-4512
10 Sep 2007 — Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not properly handled by the print function in SavMain.exe. Una vulnerabilidad de tipo cross-site scripting (XSS) en Sophos Anti-Virus para Windows versiones 6.x anteriores a 6.5.8 y versiones 7.x anteriores a 7.0.1, permite a atacantes remotos ... • http://osvdb.org/37527 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 5%CPEs: 37EXPL: 0CVE-2007-4577
https://notcve.org/view.php?id=CVE-2007-4577
28 Aug 2007 — Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb"). Sophos Anti-Virus para Unix/Linux anterior a 2.48.0 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) mediante un archivo BZip mal formado que resulta en la creación de múltiples ficheros Engine temporales (también conocida como "bomba BZip"). • http://secunia.com/advisories/26580 • CWE-399: Resource Management Errors •
CVSS: 8.4EPSS: 8%CPEs: 37EXPL: 0CVE-2007-4578
https://notcve.org/view.php?id=CVE-2007-4578
28 Aug 2007 — Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an "integer cast around". NOTE: as of 20070828, the vendor says this is a DoS and the researcher says this allows code execution, but the researcher is reliable. Sophos Anti-Virus para Windows y para Unix/Linux anterior a 2.48.0 permite a atacantes remotos provocar una denegación de servicio (caída) y pos... • http://secunia.com/advisories/26580 • CWE-189: Numeric Errors •