Vulnerabilities (CVE)

Filtered by vendor Sophos Subscribe
Total 126 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-25264 1 Sophos 2 Home, Intercept X 2021-05-25 7.2 HIGH 6.7 MEDIUM
In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges.
CVE-2020-10947 1 Sophos 2 Anti-virus For Sophos Central, Anti-virus For Sophos Home 2021-05-07 6.5 MEDIUM 8.8 HIGH
Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation.
CVE-2004-1096 10 Broadcom, Ca, Eset Software and 7 more 22 Brightstor Arcserve Backup, Etrust Antivirus, Etrust Antivirus Gateway and 19 more 2021-04-09 7.5 HIGH N/A
Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVE-2004-0933 11 Archive Zip, Broadcom, Ca and 8 more 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more 2021-04-09 7.5 HIGH N/A
Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVE-2004-0935 11 Archive Zip, Broadcom, Ca and 8 more 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more 2021-04-09 7.5 HIGH N/A
Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVE-2004-0934 11 Archive Zip, Broadcom, Ca and 8 more 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more 2021-04-09 7.5 HIGH N/A
Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVE-2004-0936 11 Archive Zip, Broadcom, Ca and 8 more 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more 2021-04-09 7.5 HIGH N/A
RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVE-2004-0932 11 Archive Zip, Broadcom, Ca and 8 more 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more 2021-04-09 7.5 HIGH N/A
McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVE-2004-0937 11 Archive Zip, Broadcom, Ca and 8 more 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more 2021-04-09 7.5 HIGH N/A
Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVE-2021-25265 2 Microsoft, Sophos 2 Windows, Connect 2021-03-24 6.8 MEDIUM 8.8 HIGH
A malicious website could execute code remotely in Sophos Connect Client before version 2.1.
CVE-2020-29574 1 Sophos 1 Cyberoamos 2020-12-14 7.5 HIGH 9.8 CRITICAL
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.
CVE-2020-25223 1 Sophos 1 United Threat Management 2020-10-09 10.0 HIGH 9.8 CRITICAL
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
CVE-2019-17059 1 Sophos 2 Cyberoam, Cyberoamos 2020-08-24 10.0 HIGH 9.8 CRITICAL
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles.
CVE-2018-3970 1 Sophos 1 Hitmanpro.alert 2020-08-24 2.1 LOW 5.5 MEDIUM
An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.
CVE-2020-17352 1 Sophos 1 Xg Firewall Firmware 2020-08-12 6.5 MEDIUM 8.8 HIGH
Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.
CVE-2020-15069 1 Sophos 2 Xg Firewall, Xg Firewall Firmware 2020-07-16 7.5 HIGH 9.8 CRITICAL
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x.
CVE-2020-15504 1 Sophos 1 Xg Firewall Firmware 2020-07-14 7.5 HIGH 9.8 CRITICAL
A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions >= 17.0 have received a hotfix.
CVE-2018-16117 1 Sophos 2 Sfos, Xg Firewall 2020-07-13 9.0 HIGH 8.8 HIGH
A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter.
CVE-2020-14980 1 Sophos 1 Sophos Secure Email 2020-07-06 4.3 MEDIUM 5.9 MEDIUM
The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation.
CVE-2020-11503 1 Sophos 2 Sfos, Xg Firewall 2020-06-23 7.5 HIGH 9.8 CRITICAL
A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely.