Filtered by vendor Sophos
Subscribe
Total
160 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25271 | 1 Sophos | 1 Hitmanpro | 2022-05-03 | 3.6 LOW | 6.0 MEDIUM |
| A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318. | |||||
| CVE-2020-9363 | 1 Sophos | 6 Cloud Optix, Endpoint Protection, Intercept X Endpoint and 3 more | 2022-04-18 | 6.8 MEDIUM | 7.8 HIGH |
| The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protection products because the virus would be detected upon extraction. | |||||
| CVE-2022-0386 | 1 Sophos | 1 Unified Threat Management | 2022-03-28 | 6.5 MEDIUM | 8.8 HIGH |
| A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. | |||||
| CVE-2021-25273 | 1 Sophos | 1 Unified Threat Management | 2021-12-16 | 3.5 LOW | 4.8 MEDIUM |
| Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706. | |||||
| CVE-2021-25269 | 1 Sophos | 3 Exploit Prevention, Intercept X Endpoint, Intercept X For Server | 2021-12-03 | 2.1 LOW | 4.4 MEDIUM |
| A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention before version 3.8.3. | |||||
| CVE-2021-36807 | 1 Sophos | 1 Unified Threat Management Up2date | 2021-11-30 | 6.5 MEDIUM | 8.8 HIGH |
| An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8. | |||||
| CVE-2021-36808 | 1 Sophos | 1 Sophos Secure Workspace | 2021-11-29 | 4.4 MEDIUM | 7.0 HIGH |
| A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115. | |||||
| CVE-2020-9540 | 1 Sophos | 1 Hitmanpro.alert | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Sophos HitmanPro.Alert before build 861 allows local elevation of privilege. | |||||
| CVE-2020-10947 | 1 Sophos | 2 Anti-virus For Sophos Central, Anti-virus For Sophos Home | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation. | |||||
| CVE-2004-0935 | 11 Archive Zip, Broadcom, Ca and 8 more | 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more | 2021-04-09 | 7.5 HIGH | N/A |
| Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. | |||||
| CVE-2004-0934 | 11 Archive Zip, Broadcom, Ca and 8 more | 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more | 2021-04-09 | 7.5 HIGH | N/A |
| Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. | |||||
| CVE-2004-0933 | 11 Archive Zip, Broadcom, Ca and 8 more | 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more | 2021-04-09 | 7.5 HIGH | N/A |
| Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. | |||||
| CVE-2004-1096 | 10 Broadcom, Ca, Eset Software and 7 more | 22 Brightstor Arcserve Backup, Etrust Antivirus, Etrust Antivirus Gateway and 19 more | 2021-04-09 | 7.5 HIGH | N/A |
| Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. | |||||
| CVE-2004-0936 | 11 Archive Zip, Broadcom, Ca and 8 more | 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more | 2021-04-09 | 7.5 HIGH | N/A |
| RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. | |||||
| CVE-2004-0937 | 11 Archive Zip, Broadcom, Ca and 8 more | 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more | 2021-04-09 | 7.5 HIGH | N/A |
| Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. | |||||
| CVE-2004-0932 | 11 Archive Zip, Broadcom, Ca and 8 more | 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more | 2021-04-09 | 7.5 HIGH | N/A |
| McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. | |||||
| CVE-2021-25265 | 2 Microsoft, Sophos | 2 Windows, Connect | 2021-03-24 | 6.8 MEDIUM | 8.8 HIGH |
| A malicious website could execute code remotely in Sophos Connect Client before version 2.1. | |||||
| CVE-2020-29574 | 1 Sophos | 1 Cyberoamos | 2020-12-14 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely. | |||||
| CVE-2019-17059 | 1 Sophos | 2 Cyberoam, Cyberoamos | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles. | |||||
| CVE-2020-17352 | 1 Sophos | 1 Xg Firewall Firmware | 2020-08-12 | 6.5 MEDIUM | 8.8 HIGH |
| Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. | |||||