MidnightBSD

Advisories for sophos

CVE-2004-0552 HIGH

Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sophos small_business_suite *
CVE-2004-0932 HIGH

McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 10.1
sophos sophos_anti-virus 3.85
broadcom etrust_antivirus 7.1
kaspersky_lab kaspersky_anti-virus 5.0
sophos sophos_anti-virus 3.84
broadcom etrust_intrusion_detection 1.5
sophos sophos_anti-virus 3.86
broadcom inoculateit 6.0
sophos sophos_anti-virus 3.81
sophos sophos_anti-virus 3.78
broadcom etrust_ez_armor 2.3
sophos sophos_anti-virus 3.82
sophos sophos_anti-virus 3.83
broadcom etrust_secure_content_manager 1.1
sophos sophos_anti-virus 3.79
broadcom etrust_ez_antivirus 6.1
eset_software nod32_antivirus 1.0.12
broadcom etrust_ez_armor 2.4
gentoo linux *
ca etrust_secure_content_manager 1.0
rav_antivirus rav_antivirus_desktop 8.6
broadcom etrust_ez_armor 2.0
mcafee antivirus_engine 4.3.20
rav_antivirus rav_antivirus_for_mail_servers 8.4.2
broadcom etrust_antivirus_gateway 7.1
sophos sophos_puremessage_anti-virus 4.6
broadcom brightstor_arcserve_backup 11.1
broadcom etrust_antivirus 7.0
kaspersky_lab kaspersky_anti-virus 4.0
sophos sophos_anti-virus 3.78d
archive_zip archive_zip 1.13
kaspersky_lab kaspersky_anti-virus 3.0
suse suse_linux 9.2
broadcom etrust_intrusion_detection 1.4.5
eset_software nod32_antivirus 1.0.11
broadcom etrust_intrusion_detection 1.4.1.13
sophos sophos_anti-virus 3.80
broadcom etrust_secure_content_manager 1.0
gentoo linux 1.4
ca etrust_antivirus 7.0_sp2
sophos sophos_anti-virus 3.4.6
broadcom etrust_antivirus_gateway 7.0
sophos sophos_small_business_suite 1.0
broadcom etrust_ez_antivirus 6.3
eset_software nod32_antivirus 1.0.13
broadcom etrust_ez_antivirus 6.2
rav_antivirus rav_antivirus_for_file_servers 1.0
CVE-2004-0933 HIGH

Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 10.1
sophos sophos_anti-virus 3.85
broadcom etrust_antivirus 7.1
kaspersky_lab kaspersky_anti-virus 5.0
sophos sophos_anti-virus 3.84
broadcom etrust_intrusion_detection 1.5
sophos sophos_anti-virus 3.86
broadcom inoculateit 6.0
sophos sophos_anti-virus 3.81
sophos sophos_anti-virus 3.78
broadcom etrust_ez_armor 2.3
sophos sophos_anti-virus 3.82
sophos sophos_anti-virus 3.83
broadcom etrust_secure_content_manager 1.1
sophos sophos_anti-virus 3.79
broadcom etrust_ez_antivirus 6.1
eset_software nod32_antivirus 1.0.12
broadcom etrust_ez_armor 2.4
gentoo linux *
ca etrust_secure_content_manager 1.0
rav_antivirus rav_antivirus_desktop 8.6
broadcom etrust_ez_armor 2.0
mcafee antivirus_engine 4.3.20
rav_antivirus rav_antivirus_for_mail_servers 8.4.2
broadcom etrust_antivirus_gateway 7.1
sophos sophos_puremessage_anti-virus 4.6
broadcom brightstor_arcserve_backup 11.1
broadcom etrust_antivirus 7.0
kaspersky_lab kaspersky_anti-virus 4.0
sophos sophos_anti-virus 3.78d
archive_zip archive_zip 1.13
kaspersky_lab kaspersky_anti-virus 3.0
suse suse_linux 9.2
broadcom etrust_intrusion_detection 1.4.5
eset_software nod32_antivirus 1.0.11
broadcom etrust_intrusion_detection 1.4.1.13
sophos sophos_anti-virus 3.80
broadcom etrust_secure_content_manager 1.0
gentoo linux 1.4
ca etrust_antivirus 7.0_sp2
sophos sophos_anti-virus 3.4.6
broadcom etrust_antivirus_gateway 7.0
sophos sophos_small_business_suite 1.0
broadcom etrust_ez_antivirus 6.3
eset_software nod32_antivirus 1.0.13
broadcom etrust_ez_antivirus 6.2
rav_antivirus rav_antivirus_for_file_servers 1.0
CVE-2004-0934 HIGH

Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 10.1
sophos sophos_anti-virus 3.85
broadcom etrust_antivirus 7.1
kaspersky_lab kaspersky_anti-virus 5.0
sophos sophos_anti-virus 3.84
broadcom etrust_intrusion_detection 1.5
sophos sophos_anti-virus 3.86
broadcom inoculateit 6.0
sophos sophos_anti-virus 3.81
sophos sophos_anti-virus 3.78
broadcom etrust_ez_armor 2.3
sophos sophos_anti-virus 3.82
sophos sophos_anti-virus 3.83
broadcom etrust_secure_content_manager 1.1
sophos sophos_anti-virus 3.79
broadcom etrust_ez_antivirus 6.1
eset_software nod32_antivirus 1.0.12
broadcom etrust_ez_armor 2.4
gentoo linux *
ca etrust_secure_content_manager 1.0
rav_antivirus rav_antivirus_desktop 8.6
broadcom etrust_ez_armor 2.0
mcafee antivirus_engine 4.3.20
rav_antivirus rav_antivirus_for_mail_servers 8.4.2
broadcom etrust_antivirus_gateway 7.1
sophos sophos_puremessage_anti-virus 4.6
broadcom brightstor_arcserve_backup 11.1
broadcom etrust_antivirus 7.0
kaspersky_lab kaspersky_anti-virus 4.0
sophos sophos_anti-virus 3.78d
archive_zip archive_zip 1.13
kaspersky_lab kaspersky_anti-virus 3.0
suse suse_linux 9.2
broadcom etrust_intrusion_detection 1.4.5
eset_software nod32_antivirus 1.0.11
broadcom etrust_intrusion_detection 1.4.1.13
sophos sophos_anti-virus 3.80
broadcom etrust_secure_content_manager 1.0
gentoo linux 1.4
ca etrust_antivirus 7.0_sp2
sophos sophos_anti-virus 3.4.6
broadcom etrust_antivirus_gateway 7.0
sophos sophos_small_business_suite 1.0
broadcom etrust_ez_antivirus 6.3
eset_software nod32_antivirus 1.0.13
broadcom etrust_ez_antivirus 6.2
rav_antivirus rav_antivirus_for_file_servers 1.0
CVE-2004-0935 HIGH

Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 10.1
sophos sophos_anti-virus 3.85
broadcom etrust_antivirus 7.1
kaspersky_lab kaspersky_anti-virus 5.0
sophos sophos_anti-virus 3.84
broadcom etrust_intrusion_detection 1.5
sophos sophos_anti-virus 3.86
broadcom inoculateit 6.0
sophos sophos_anti-virus 3.81
sophos sophos_anti-virus 3.78
broadcom etrust_ez_armor 2.3
sophos sophos_anti-virus 3.82
sophos sophos_anti-virus 3.83
broadcom etrust_secure_content_manager 1.1
sophos sophos_anti-virus 3.79
broadcom etrust_ez_antivirus 6.1
eset_software nod32_antivirus 1.0.12
broadcom etrust_ez_armor 2.4
gentoo linux *
ca etrust_secure_content_manager 1.0
rav_antivirus rav_antivirus_desktop 8.6
broadcom etrust_ez_armor 2.0
mcafee antivirus_engine 4.3.20
rav_antivirus rav_antivirus_for_mail_servers 8.4.2
broadcom etrust_antivirus_gateway 7.1
sophos sophos_puremessage_anti-virus 4.6
broadcom brightstor_arcserve_backup 11.1
broadcom etrust_antivirus 7.0
kaspersky_lab kaspersky_anti-virus 4.0
sophos sophos_anti-virus 3.78d
archive_zip archive_zip 1.13
kaspersky_lab kaspersky_anti-virus 3.0
suse suse_linux 9.2
broadcom etrust_intrusion_detection 1.4.5
eset_software nod32_antivirus 1.0.11
broadcom etrust_intrusion_detection 1.4.1.13
sophos sophos_anti-virus 3.80
broadcom etrust_secure_content_manager 1.0
gentoo linux 1.4
ca etrust_antivirus 7.0_sp2
sophos sophos_anti-virus 3.4.6
broadcom etrust_antivirus_gateway 7.0
sophos sophos_small_business_suite 1.0
broadcom etrust_ez_antivirus 6.3
eset_software nod32_antivirus 1.0.13
broadcom etrust_ez_antivirus 6.2
rav_antivirus rav_antivirus_for_file_servers 1.0
CVE-2004-0936 HIGH

RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 10.1
sophos sophos_anti-virus 3.85
broadcom etrust_antivirus 7.1
kaspersky_lab kaspersky_anti-virus 5.0
sophos sophos_anti-virus 3.84
broadcom etrust_intrusion_detection 1.5
sophos sophos_anti-virus 3.86
broadcom inoculateit 6.0
sophos sophos_anti-virus 3.81
sophos sophos_anti-virus 3.78
broadcom etrust_ez_armor 2.3
sophos sophos_anti-virus 3.82
sophos sophos_anti-virus 3.83
broadcom etrust_secure_content_manager 1.1
sophos sophos_anti-virus 3.79
broadcom etrust_ez_antivirus 6.1
eset_software nod32_antivirus 1.0.12
broadcom etrust_ez_armor 2.4
gentoo linux *
ca etrust_secure_content_manager 1.0
rav_antivirus rav_antivirus_desktop 8.6
broadcom etrust_ez_armor 2.0
mcafee antivirus_engine 4.3.20
rav_antivirus rav_antivirus_for_mail_servers 8.4.2
broadcom etrust_antivirus_gateway 7.1
sophos sophos_puremessage_anti-virus 4.6
broadcom brightstor_arcserve_backup 11.1
broadcom etrust_antivirus 7.0
kaspersky_lab kaspersky_anti-virus 4.0
sophos sophos_anti-virus 3.78d
archive_zip archive_zip 1.13
kaspersky_lab kaspersky_anti-virus 3.0
suse suse_linux 9.2
broadcom etrust_intrusion_detection 1.4.5
eset_software nod32_antivirus 1.0.11
broadcom etrust_intrusion_detection 1.4.1.13
sophos sophos_anti-virus 3.80
broadcom etrust_secure_content_manager 1.0
gentoo linux 1.4
ca etrust_antivirus 7.0_sp2
sophos sophos_anti-virus 3.4.6
broadcom etrust_antivirus_gateway 7.0
sophos sophos_small_business_suite 1.0
broadcom etrust_ez_antivirus 6.3
eset_software nod32_antivirus 1.0.13
broadcom etrust_ez_antivirus 6.2
rav_antivirus rav_antivirus_for_file_servers 1.0
CVE-2004-0937 HIGH

Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 10.1
sophos sophos_anti-virus 3.85
broadcom etrust_antivirus 7.1
kaspersky_lab kaspersky_anti-virus 5.0
sophos sophos_anti-virus 3.84
broadcom etrust_intrusion_detection 1.5
sophos sophos_anti-virus 3.86
broadcom inoculateit 6.0
sophos sophos_anti-virus 3.81
sophos sophos_anti-virus 3.78
broadcom etrust_ez_armor 2.3
sophos sophos_anti-virus 3.82
sophos sophos_anti-virus 3.83
broadcom etrust_secure_content_manager 1.1
sophos sophos_anti-virus 3.79
broadcom etrust_ez_antivirus 6.1
eset_software nod32_antivirus 1.0.12
broadcom etrust_ez_armor 2.4
gentoo linux *
ca etrust_secure_content_manager 1.0
rav_antivirus rav_antivirus_desktop 8.6
broadcom etrust_ez_armor 2.0
mcafee antivirus_engine 4.3.20
rav_antivirus rav_antivirus_for_mail_servers 8.4.2
broadcom etrust_antivirus_gateway 7.1
sophos sophos_puremessage_anti-virus 4.6
broadcom brightstor_arcserve_backup 11.1
broadcom etrust_antivirus 7.0
kaspersky_lab kaspersky_anti-virus 4.0
sophos sophos_anti-virus 3.78d
archive_zip archive_zip 1.13
kaspersky_lab kaspersky_anti-virus 3.0
suse suse_linux 9.2
broadcom etrust_intrusion_detection 1.4.5
eset_software nod32_antivirus 1.0.11
broadcom etrust_intrusion_detection 1.4.1.13
sophos sophos_anti-virus 3.80
broadcom etrust_secure_content_manager 1.0
gentoo linux 1.4
ca etrust_antivirus 7.0_sp2
sophos sophos_anti-virus 3.4.6
broadcom etrust_antivirus_gateway 7.0
sophos sophos_small_business_suite 1.0
broadcom etrust_ez_antivirus 6.3
eset_software nod32_antivirus 1.0.13
broadcom etrust_ez_antivirus 6.2
rav_antivirus rav_antivirus_for_file_servers 1.0
CVE-2004-1096 HIGH

Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 10.1
sophos sophos_anti-virus 3.85
broadcom etrust_antivirus 7.1
kaspersky_lab kaspersky_anti-virus 5.0
sophos sophos_anti-virus 3.84
broadcom etrust_intrusion_detection 1.5
sophos sophos_anti-virus 3.86
broadcom inoculateit 6.0
sophos sophos_anti-virus 3.81
sophos sophos_anti-virus 3.78
broadcom etrust_ez_armor 2.3
sophos sophos_anti-virus 3.82
sophos sophos_anti-virus 3.83
broadcom etrust_secure_content_manager 1.1
sophos sophos_anti-virus 3.79
broadcom etrust_ez_antivirus 6.1
eset_software nod32_antivirus 1.0.12
broadcom etrust_ez_armor 2.4
gentoo linux *
ca etrust_secure_content_manager 1.0
rav_antivirus rav_antivirus_desktop 8.6
broadcom etrust_ez_armor 2.0
mcafee antivirus_engine 4.3.20
rav_antivirus rav_antivirus_for_mail_servers 8.4.2
broadcom etrust_antivirus_gateway 7.1
sophos sophos_puremessage_anti-virus 4.6
broadcom brightstor_arcserve_backup 11.1
broadcom etrust_antivirus 7.0
kaspersky_lab kaspersky_anti-virus 4.0
sophos sophos_anti-virus 3.78d
kaspersky_lab kaspersky_anti-virus 3.0
suse suse_linux 9.2
broadcom etrust_intrusion_detection 1.4.5
eset_software nod32_antivirus 1.0.11
broadcom etrust_intrusion_detection 1.4.1.13
sophos sophos_anti-virus 3.80
broadcom etrust_secure_content_manager 1.0
gentoo linux 1.4
ca etrust_antivirus 7.0_sp2
sophos sophos_anti-virus 3.4.6
broadcom etrust_antivirus_gateway 7.0
sophos sophos_small_business_suite 1.0
broadcom etrust_ez_antivirus 6.3
eset_software nod32_antivirus 1.0.13
broadcom etrust_ez_antivirus 6.2
rav_antivirus rav_antivirus_for_file_servers 1.0
CVE-2004-2088 MEDIUM

Sophos Anti-Virus 3.78 allows remote attackers to bypass virus scanning by using a qmail generated Delivery Status Notification (DSN) where the original email is not included in the bounce message.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sophos sophos_anti-virus 3.78
sophos sophos_anti-virus 3.4.6
CVE-2004-2252 MEDIUM

The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
sophos astaro_security_linux *
CVE-2005-1530 MEDIUM

Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a Bzip2 archive with a large 'Extra field length' value.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sophos sophos_anti-virus 5.0.1
sophos sophos_anti-virus 3.85
sophos sophos_puremessage_anti-virus 4.6
sophos sophos_anti-virus 3.78d
sophos sophos_anti-virus 3.84
sophos sophos_anti-virus 3.86
sophos sophos_mailmonitor_for_notes_domino *
sophos sophos_anti-virus 3.80
sophos sophos_anti-virus 3.81
sophos sophos_anti-virus 3.78
sophos sophos_anti-virus 3.82
sophos sophos_anti-virus 3.83
sophos sophos_anti-virus 3.90
sophos sophos_mailmonitor 2.1
sophos sophos_anti-virus 3.79
sophos sophos_anti-virus 3.91
sophos sophos_anti-virus 3.4.6
sophos sophos_small_business_suite 1.0
sophos sophos_mailmonitor 2.0
CVE-2005-1551 MEDIUM

Sophos Anti-Virus 3.93 does not check downloaded files for viruses when they have only been written, which creates a race condition and may allow remote attackers to bypass virus protection if the file is executed before the antivirus starts on system reboot.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sophos sophos_anti-virus 3.93
CVE-2005-2768 HIGH

Heap-based buffer overflow in the Sophos Antivirus Library, as used by Sophos Antivirus, PureMessage, MailMonitor, and other products, allows remote attackers to execute arbitrary code via a Visio file with a crafted sub record length.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sophos sophos_anti-virus 5.0.1
sophos sophos_anti-virus 3.85
sophos sophos_anti-virus 5.0.4
sophos sophos_anti-virus 3.78d
sophos sophos_anti-virus 3.84
sophos sophos_anti-virus 3.86
sophos sophos_anti-virus 3.80
sophos sophos_anti-virus 3.81
sophos sophos_anti-virus 3.78
sophos sophos_anti-virus 3.82
sophos sophos_anti-virus 3.83
sophos sophos_anti-virus 3.95
sophos sophos_anti-virus 4.5.3
sophos sophos_anti-virus 3.90
sophos sophos_anti-virus 3.79
sophos sophos_anti-virus 3.91
sophos sophos_anti-virus 3.4.6
CVE-2005-3216 MEDIUM

Multiple interpretation error in unspecified versions of Sophos Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sophos sophos_anti-virus *
CVE-2005-3382 MEDIUM

Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sophos sophos_anti-virus 3.91_engine_2.28.4
CVE-2005-4680 MEDIUM

Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, and 5.x before 5.1.4 allow remote attackers to hide arbitrary files and data via crafted ARJ archives, which are not properly scanned.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sophos sophos_anti-virus 4.04
sophos sophos_anti-virus *
CVE-2006-0994 HIGH

Multiple Sophos Anti-Virus products, including Anti-Virus for Windows 5.x before 5.2.1 and 4.x before 4.05, when cabinet file inspection is enabled, allows remote attackers to execute arbitrary code via a CAB file with "invalid folder count values," which leads to heap corruption.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sophos sophos_anti-virus *
CVE-2010-2308 HIGH

Unspecified vulnerability in the filter driver (savonaccessfilter.sys) in Sophos Anti-Virus before 7.6.20 allows local users to gain privileges via crafted arguments to the NtQueryAttributesFile function.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sophos anti-virus 5.0.2
sophos anti-virus *
sophos anti-virus 3.82
sophos anti-virus 3.81
sophos anti-virus 3.79
sophos anti-virus 7.6.16
sophos anti-virus 7.6
sophos anti-virus 7.0.5
sophos anti-virus 5.0.9
sophos anti-virus 6.0.4
sophos anti-virus 5.0.1
sophos anti-virus 4.03
sophos anti-virus 5.1
sophos anti-virus 3.78
sophos anti-virus 3.84
sophos anti-virus 3.85
sophos anti-virus 4.5.4
sophos anti-virus 3.4.6
sophos anti-virus 3.78d
sophos anti-virus 5.2.1
sophos anti-virus 3.80
sophos anti-virus 4.7.2
sophos anti-virus 3.83
sophos anti-virus 4.04
sophos anti-virus 4.7.1
sophos anti-virus 4.5.11
sophos anti-virus 4.5.12
sophos anti-virus 4.33.0
sophos anti-virus 7.6.14
sophos anti-virus 7.6.18
sophos anti-virus 5.2
sophos anti-virus 7.6.17
sophos anti-virus 3.91
sophos anti-virus 5.0.4
sophos anti-virus 7.0
sophos anti-virus 4.5.3
sophos anti-virus 3.95
sophos anti-virus 6.5
sophos anti-virus 3.96.0
sophos anti-virus 7.6.15
sophos anti-virus 3.90
sophos anti-virus 3.86
sophos anti-virus 4.05
CVE-2010-5177 MEDIUM

Race condition in Sophos Endpoint Security and Control 9.0.5 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: the vendor disputes this issue because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
sophos sophos_endpoint_security_and_control 9.0.5
CVE-2012-1424 MEDIUM

The TAR file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Jiangmin Antivirus 13.0.900, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
cat quick_heal 11.00
antiy avl_sdk 2.0.3.7
sophos sophos_anti-virus 4.61.0
jiangmin jiangmin_antivirus 13.0.900
pc_tools pc_tools_antivirus 7.0.3.5
norman norman_antivirus_&_antispyware 6.06.12
CVE-2012-1427 MEDIUM

The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \57\69\6E\5A\69\70 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
cat quick_heal 11.00
sophos sophos_anti-virus 4.61.0
norman norman_antivirus_&_antispyware 6.06.12
CVE-2012-1428 MEDIUM

The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
cat quick_heal 11.00
sophos sophos_anti-virus 4.61.0
norman norman_antivirus_&_antispyware 6.06.12
CVE-2012-1430 MEDIUM

The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
f-secure anti-virus 9.0.16160.0
sophos sophos_anti-virus 4.61.0
comodo comodo_antivirus 7424
bitdefender bitdefender 7.2
aladdin esafe 7.0.17.0
mcafee gateway 2010.1c
nprotect nprotect_antivirus 2011-01-17.01
rising-global rising_antivirus 22.83.00.03
mcafee scan_engine 5.400.0.1158
CVE-2012-1431 MEDIUM

The ELF file parser in Bitdefender 7.2, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
f-prot f-prot_antivirus 4.6.2.117
authentium command_antivirus 5.2.11.5
sophos sophos_anti-virus 4.61.0
comodo comodo_antivirus 7424
bitdefender bitdefender 7.2
aladdin esafe 7.0.17.0
mcafee gateway 2010.1c
nprotect nprotect_antivirus 2011-01-17.01
rising-global rising_antivirus 22.83.00.03
f-secure f-secure_anti-virus 9.0.16160.0
CVE-2012-1438 MEDIUM

The Microsoft Office file parser in Comodo Antivirus 7425 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via an Office file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Office parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sophos sophos_anti-virus 4.61.0
comodo comodo_antivirus 7425
CVE-2012-1442 MEDIUM

The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, F-Secure Anti-Virus 9.0.16160.0, Sophos Anti-Virus 4.61.0, Antiy Labs AVL SDK 2.0.3.7, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified class field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
cat quick_heal 11.00
antiy avl_sdk 2.0.3.7
sophos sophos_anti-virus 4.61.0
pandasecurity panda_antivirus 10.0.2.7
aladdin esafe 7.0.17.0
mcafee gateway 2010.1c
fortinet fortinet_antivirus 4.2.254.0
rising-global rising_antivirus 22.83.00.03
mcafee scan_engine 5.400.0.1158
kaspersky kaspersky_anti-virus 7.0.0.125
f-secure f-secure_anti-virus 9.0.16160.0
CVE-2012-1443 MEDIUM

The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
comodo comodo_antivirus 7424
alwil avast_antivirus 4.8.1351.0
trendmicro housecall 9.120.0.1004
mcafee gateway 2010.1c
avg avg_anti-virus 10.0.0.1190
microsoft security_essentials 2.0
emsisoft anti-malware 5.1.0.1
gdata-software g_data_antivirus 21
rising-global rising_antivirus 22.83.00.03
f-secure f-secure_anti-virus 9.0.16160.0
ikarus ikarus_virus_utilities_t3_command_line_scanner 1.1.97.0
aladdin esafe 7.0.17.0
eset nod32_antivirus 5795
k7computing antivirus 9.77.3565
virusbuster virusbuster 13.6.151.0
sophos sophos_anti-virus 4.61.0
symantec endpoint_protection 11.0
clamav clamav 0.96.4
nprotect nprotect_antivirus 2011-01-17.01
pc_tools pc_tools_antivirus 7.0.3.5
kaspersky kaspersky_anti-virus 7.0.0.125
norman norman_antivirus_&_antispyware 6.06.12
f-prot f-prot_antivirus 4.6.2.117
cat quick_heal 11.00
authentium command_antivirus 5.2.11.5
anti-virus vba32 3.12.14.2
antiy avl_sdk 2.0.3.7
bitdefender bitdefender 7.2
pandasecurity panda_antivirus 10.0.2.7
alwil avast_antivirus 5.0.677.0
trendmicro trend_micro_antivirus 9.120.0.1004
jiangmin jiangmin_antivirus 13.0.900
fortinet fortinet_antivirus 4.2.254.0
avira antivir 7.11.1.163
ahnlab v3_internet_security 2011.01.18.00
mcafee scan_engine 5.400.0.1158
CVE-2012-1446 MEDIUM

The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, McAfee Gateway (formerly Webwasher) 2010.1C, Sophos Anti-Virus 4.61.0, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified encoding field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sophos sophos_anti-virus 4.61.0
symantec endpoint_protection 11.0
mcafee gateway 2010.1c
pc_tools pc_tools_antivirus 7.0.3.5
ca etrust_vet_antivirus 36.1.8511
rising-global rising_antivirus 22.83.00.03
kaspersky kaspersky_anti-virus 7.0.0.125
norman norman_antivirus_&_antispyware 6.06.12
cat quick_heal 11.00
antiy avl_sdk 2.0.3.7
pandasecurity panda_antivirus 10.0.2.7
aladdin esafe 7.0.17.0
fortinet fortinet_antivirus 4.2.254.0
mcafee scan_engine 5.400.0.1158
CVE-2012-1450 MEDIUM

The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Sophos Anti-Virus 4.61.0, and Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0 allows remote attackers to bypass malware detection via a CAB file with a modified reserved3 field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sophos sophos_anti-virus 4.61.0
emsisoft anti-malware 5.1.0.1
ikarus ikarus_virus_utilities_t3_command_line_scanner 1.1.97.0
CVE-2012-1453 MEDIUM

The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sophos sophos_anti-virus 4.61.0
trendmicro housecall 9.120.0.1004
mcafee gateway 2010.1c
drweb dr.web_antivirus 5.0.2.03300
microsoft security_essentials 2.0
emsisoft anti-malware 5.1.0.1
ca etrust_vet_antivirus 36.1.8511
rising-global rising_antivirus 22.83.00.03
kaspersky kaspersky_anti-virus 7.0.0.125
ikarus ikarus_virus_utilities_t3_command_line_scanner 1.1.97.0
antiy avl_sdk 2.0.3.7
pandasecurity panda_antivirus 10.0.2.7
trendmicro trend_micro_antivirus 9.120.0.1004
fortinet fortinet_antivirus 4.2.254.0
CVE-2012-1456 MEDIUM

The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a TAR file with an appended ZIP file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sophos sophos_anti-virus 4.61.0
comodo comodo_antivirus 7424
trendmicro housecall 9.120.0.1004
symantec endpoint_protection 11.0
mcafee gateway 2010.1c
avg avg_anti-virus 10.0.0.1190
emsisoft anti-malware 5.1.0.1
rising-global rising_antivirus 22.83.00.03
kaspersky kaspersky_anti-virus 7.0.0.125
norman norman_antivirus_&_antispyware 6.06.12
ikarus ikarus_virus_utilities_t3_command_line_scanner 1.1.97.0
f-prot f-prot_antivirus 4.6.2.117
cat quick_heal 11.00
pandasecurity panda_antivirus 10.0.2.7
aladdin esafe 7.0.17.0
eset nod32_antivirus 5795
trendmicro trend_micro_antivirus 9.120.0.1004
jiangmin jiangmin_antivirus 13.0.900
fortinet fortinet_antivirus 4.2.254.0
mcafee scan_engine 5.400.0.1158
CVE-2012-1458 MEDIUM

The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CHM parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sophos sophos_anti-virus 4.61.0
clamav clamav 0.96.4
CVE-2012-1459 MEDIUM

The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
comodo comodo_antivirus 7424
alwil avast_antivirus 4.8.1351.0
trendmicro housecall 9.120.0.1004
mcafee gateway 2010.1c
avg avg_anti-virus 10.0.0.1190
microsoft security_essentials 2.0
emsisoft anti-malware 5.1.0.1
gdata-software g_data_antivirus 21
rising-global rising_antivirus 22.83.00.03
f-secure f-secure_anti-virus 9.0.16160.0
ikarus ikarus_virus_utilities_t3_command_line_scanner 1.1.97.0
eset nod32_antivirus 5795
k7computing antivirus 9.77.3565
virusbuster virusbuster 13.6.151.0
sophos sophos_anti-virus 4.61.0
symantec endpoint_protection 11.0
clamav clamav 0.96.4
nprotect nprotect_antivirus 2011-01-17.01
pc_tools pc_tools_antivirus 7.0.3.5
kaspersky kaspersky_anti-virus 7.0.0.125
norman norman_antivirus_&_antispyware 6.06.12
f-prot f-prot_antivirus 4.6.2.117
cat quick_heal 11.00
authentium command_antivirus 5.2.11.5
anti-virus vba32 3.12.14.2
antiy avl_sdk 2.0.3.7
bitdefender bitdefender 7.2
pandasecurity panda_antivirus 10.0.2.7
alwil avast_antivirus 5.0.677.0
trendmicro trend_micro_antivirus 9.120.0.1004
jiangmin jiangmin_antivirus 13.0.900
fortinet fortinet_antivirus 4.2.254.0
avira antivir 7.11.1.163
ahnlab v3_internet_security 2011.01.18.00
mcafee scan_engine 5.400.0.1158
CVE-2012-1461 MEDIUM

The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with multiple compressed streams. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sophos sophos_anti-virus 4.61.0
trendmicro housecall 9.120.0.1004
symantec endpoint_protection 11.0
mcafee gateway 2010.1c
avg avg_anti-virus 10.0.0.1190
emsisoft anti-malware 5.1.0.1
rising-global rising_antivirus 22.83.00.03
kaspersky kaspersky_anti-virus 7.0.0.125
f-secure f-secure_anti-virus 9.0.16160.0
norman norman_antivirus_&_antispyware 6.06.12
ikarus ikarus_virus_utilities_t3_command_line_scanner 1.1.97.0
authentium command_antivirus 5.2.11.5
anti-virus vba32 3.12.14.2
bitdefender bitdefender 7.2
eset nod32_antivirus 5795
trendmicro trend_micro_antivirus 9.120.0.1004
k7computing antivirus 9.77.3565
jiangmin jiangmin_antivirus 13.0.900
fortinet fortinet_antivirus 4.2.254.0
mcafee scan_engine 5.400.0.1158
CVE-2012-3238 MEDIUM

Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sophos unified_threat_management 120
sophos unified_threat_management 425
sophos unified_threat_management 110
sophos unified_threat_management_software *
astaro security_gateway_software *
astaro security_gateway *
sophos unified_threat_management 625
sophos unified_threat_management 320
sophos unified_threat_management 220
sophos unified_threat_management 525
CVE-2012-6706 HIGH

A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the "DestPos" variable, which allows the attacker to write out of bounds when setting Mem[DestPos].

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
rarlab unrar *
sophos threat_detection_engine *
CVE-2013-2641 MEDIUM

Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
sophos web_appliance_firmware *
sophos web_appliance -
CVE-2013-2642 HIGH

Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
sophos web_appliance_firmware *
sophos web_appliance -
CVE-2013-2643 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to end-user/ftp_redirect.php, or (4) threat parameter to the Blocked component.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sophos web_appliance_firmware *
sophos web_appliance -
CVE-2013-4983 HIGH

The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
sophos web_appliance_firmware 3.4.8
sophos web_appliance_firmware 3.2.1
sophos web_appliance_firmware 3.3.2
sophos web_appliance_firmware 3.5.6
sophos web_appliance_firmware 3.2.3
sophos web_appliance_firmware 3.3.1
sophos web_appliance_firmware 3.8.1
sophos web_appliance_firmware 3.4.7
sophos web_appliance_firmware 3.4.0
sophos web_appliance_firmware 3.3.4
sophos web_appliance_firmware 3.7.6
sophos web_appliance_firmware 3.6.2.4.0
sophos web_appliance_firmware 3.6.2.1
sophos web_appliance_firmware 3.5.4
sophos web_appliance_firmware 3.3.3.1
sophos web_appliance_firmware 3.7.2
sophos web_appliance_firmware 3.7.4
sophos web_appliance_firmware 3.1.0.1
sophos web_appliance_firmware 3.2.4
sophos web_appliance_firmware 3.5.2
sophos web_appliance_firmware 3.1.0
sophos web_appliance_firmware 3.4.4
sophos web_appliance_firmware 3.1.3
sophos web_appliance_firmware 3.7.7
sophos web_appliance_firmware 3.6.2.3
sophos web_appliance_firmware 3.5.1.2
sophos web_appliance_firmware 3.2.7
sophos web_appliance_firmware 3.3.0
sophos web_appliance_firmware 3.6.4.1
sophos web_appliance_firmware 3.2.5
sophos web_appliance_firmware 3.4.5
sophos web_appliance_firmware 3.7.8.2
sophos web_appliance_firmware 3.7.8
sophos web_appliance_firmware 3.5.1
sophos web_appliance_firmware 3.1.4
sophos web_appliance_firmware 3.2.2
sophos web_appliance_firmware 3.3.5
sophos web_appliance_firmware 3.0.1.1
sophos web_appliance_firmware 3.6.2
sophos web_appliance_firmware 3.4.6
sophos web_appliance_firmware 3.6.2.4.1
sophos web_appliance_firmware 3.7.3
sophos web_appliance_firmware 3.6.1.1
sophos web_appliance_firmware 3.3.6
sophos web_appliance_firmware 3.0.5
sophos web_appliance_firmware 3.7.8.1
sophos web_appliance_firmware 3.0.5.1
sophos web_appliance_firmware 3.3.5.1
sophos web_appliance_firmware 3.7.0
sophos web_appliance_firmware 3.6.4
sophos web_appliance_firmware 3.0.2
sophos web_appliance_firmware 3.1.2
sophos web_appliance_firmware 3.8.0
sophos web_appliance_firmware 3.5.3
sophos web_appliance_firmware 3.5.0
sophos web_appliance_firmware 3.4.3
sophos web_appliance_firmware 3.6.4.2
sophos web_appliance_firmware 3.3.3
sophos web_appliance_firmware 3.7.5
sophos web_appliance_firmware 3.2.6
sophos web_appliance_firmware *
sophos web_appliance_firmware 3.4.3.1
sophos web_appliance_firmware 3.7.1
sophos web_appliance_firmware 3.0.1
sophos web_appliance_firmware 3.5.5
sophos web_appliance_firmware 3.3.6.1
sophos web_appliance_firmware 3.6.1
sophos web_appliance_firmware 3.4.2
sophos web_appliance_firmware 3.5.1.1
sophos web_appliance_firmware 3.0.4
sophos web_appliance_firmware 3.0.3
sophos web_appliance_firmware 3.6.3
sophos web_appliance_firmware 3.0.0
sophos web_appliance_firmware 3.2.2.1
sophos web_appliance_firmware 3.4.1
sophos web_appliance_firmware 3.1.1
CVE-2013-4984 HIGH

The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-264,

Products Affected

Vendor Product Version
sophos web_appliance 3.4.3.1
sophos web_appliance 3.3.5
sophos web_appliance 3.2.1
sophos web_appliance 3.7.8
sophos web_appliance 3.7.6
sophos web_appliance 3.6.1.1
sophos web_appliance 3.6.2.3
sophos web_appliance 3.3.6
sophos web_appliance 3.5.0
sophos web_appliance 3.6.1
sophos web_appliance 3.0.4
sophos web_appliance 3.6.4.2
sophos web_appliance 3.4.3
sophos web_appliance 3.7.3
sophos web_appliance 3.7.0
sophos web_appliance 3.2.2.1
sophos web_appliance 3.3.1
sophos web_appliance 3.5.4
sophos web_appliance 3.2.4
sophos web_appliance 3.7.8.2
sophos web_appliance 3.4.5
sophos web_appliance 3.6.4.1
sophos web_appliance 3.0.5
sophos web_appliance 3.6.2.4.1
sophos web_appliance *
sophos web_appliance 3.0.3
sophos web_appliance 3.7.5
sophos web_appliance 3.7.2
sophos web_appliance 3.4.8
sophos web_appliance 3.0.1
sophos web_appliance 3.5.6
sophos web_appliance 3.6.2.1
sophos web_appliance 3.7.4
sophos web_appliance 3.5.1.1
sophos web_appliance 3.1.3
sophos web_appliance 3.4.6
sophos web_appliance 3.0.1.1
sophos web_appliance 3.3.0
sophos web_appliance 3.6.3
sophos web_appliance 3.1.2
sophos web_appliance 3.4.0
sophos web_appliance 3.4.2
sophos web_appliance 3.3.5.1
sophos web_appliance 3.4.4
sophos web_appliance 3.5.1
sophos web_appliance 3.5.2
sophos web_appliance 3.1.0
sophos web_appliance 3.8.0
sophos web_appliance 3.6.2
sophos web_appliance 3.0.0
sophos web_appliance 3.7.7
sophos web_appliance 3.0.5.1
sophos web_appliance 3.3.4
sophos web_appliance 3.2.6
sophos web_appliance 3.4.7
sophos web_appliance 3.6.2.4.0
sophos web_appliance 3.6.4
sophos web_appliance 3.3.3
sophos web_appliance 3.1.4
sophos web_appliance 3.3.2
sophos web_appliance 3.3.3.1
sophos web_appliance 3.4.1
sophos web_appliance 3.5.3
sophos web_appliance 3.7.1
sophos web_appliance 3.2.3
sophos web_appliance 3.3.6.1
sophos web_appliance 3.5.5
sophos web_appliance 3.2.7
sophos web_appliance 3.7.8.1
sophos web_appliance 3.8.1
sophos web_appliance 3.1.0.1
sophos web_appliance 3.2.2
sophos web_appliance 3.1.1
sophos web_appliance 3.0.2
sophos web_appliance 3.2.5
sophos web_appliance 3.5.1.2
CVE-2013-5932 HIGH

Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sophos unified_threat_management_software 9.007
CVE-2014-1213 MEDIUM

Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9.7.x before 9.7.9, 10.0.x before 10.0.11, and 10.3.x before 10.3.1 does not set an ACL for certain global and session objects, which allows local users to bypass anti-virus protection, cause a denial of service (resource consumption, CPU consumption, and eventual crash) or spoof "ready for update" messages by performing certain operations on mutexes or events including (1) DataUpdateRequest, (2) MmfMutexSAV-****, (3) MmfMutexSAV-Info, (4) ReadyForUpdateSAV-****, (5) ReadyForUpdateSAV-Info, (6) SAV-****, (7) SAV-Info, (8) StateChange, (9) SuspendedSAV-****, (10) SuspendedSAV-Info, (11) UpdateComplete, (12) UpdateMutex, (13) UpdateRequest, or (14) SophosALMonSessionInstance, as demonstrated by triggering a ReadyForUpdateSAV event and modifying the UpdateComplete, UpdateMutex, and UpdateRequest objects.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sophos scanning_engine *
sophos sophos_anti-virus 10.0.11
CVE-2014-2005 MEDIUM

Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
sophos enterprise_console *
sophos enterprise_console 5.2
sophos enterprise_console 5.2.1
sophos enterprise_console 5.1
CVE-2014-2385 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1) newListList:ExcludeFileOnExpression, (2) newListList:ExcludeFilesystems, or (3) newListList:ExcludeMountPaths parameter to exclusion/configure or (4) text:EmailServer or (5) newListList:Email parameter to notification/configure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sophos anti-virus *
CVE-2014-2537 HIGH

Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
sophos unified_threat_management_software 9.007
sophos unified_threat_management_software 9.107
sophos unified_threat_management 120
sophos unified_threat_management 425
sophos unified_threat_management 110
sophos unified_threat_management_software *
sophos unified_threat_management 625
sophos unified_threat_management 320
sophos unified_threat_management 220
sophos unified_threat_management_software 8.3
sophos unified_threat_management 525
CVE-2014-2849 HIGH

The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sophos web_appliance_firmware 3.4.8
sophos web_appliance_firmware 3.2.1
sophos web_appliance_firmware 3.3.2
sophos web_appliance_firmware 3.5.6
sophos web_appliance_firmware 3.2.3
sophos web_appliance_firmware 3.3.1
sophos web_appliance_firmware 3.8.1
sophos web_appliance_firmware 3.4.7
sophos web_appliance_firmware 3.4.0
sophos web_appliance_firmware 3.3.4
sophos web_appliance_firmware 3.7.6
sophos web_appliance_firmware 3.6.2.4.0
sophos web_appliance_firmware 3.6.2.1
sophos web_appliance_firmware 3.5.4
sophos web_appliance_firmware 3.3.3.1
sophos web_appliance_firmware 3.7.2
sophos web_appliance_firmware 3.7.4
sophos web_appliance_firmware 3.1.0.1
sophos web_appliance_firmware 3.2.4
sophos web_appliance_firmware 3.5.2
sophos web_appliance_firmware 3.1.0
sophos web_appliance_firmware 3.4.4
sophos web_appliance -
sophos web_appliance_firmware 3.1.3
sophos web_appliance_firmware 3.7.7
sophos web_appliance_firmware 3.6.2.3
sophos web_appliance_firmware 3.5.1.2
sophos web_appliance_firmware 3.2.7
sophos web_appliance_firmware 3.3.0
sophos web_appliance_firmware 3.6.4.1
sophos web_appliance_firmware 3.7.9.1
sophos web_appliance_firmware 3.2.5
sophos web_appliance_firmware 3.4.5
sophos web_appliance_firmware 3.7.8.2
sophos web_appliance_firmware 3.7.8
sophos web_appliance_firmware 3.7.9
sophos web_appliance_firmware 3.5.1
sophos web_appliance_firmware 3.1.4
sophos web_appliance_firmware 3.2.2
sophos web_appliance_firmware 3.3.5
sophos web_appliance_firmware 3.0.1.1
sophos web_appliance_firmware 3.6.2
sophos web_appliance_firmware 3.4.6
sophos web_appliance_firmware 3.6.2.4.1
sophos web_appliance_firmware 3.7.3
sophos web_appliance_firmware 3.6.1.1
sophos web_appliance_firmware 3.3.6
sophos web_appliance_firmware 3.0.5
sophos web_appliance_firmware 3.7.8.1
sophos web_appliance_firmware 3.0.5.1
sophos web_appliance_firmware 3.3.5.1
sophos web_appliance_firmware 3.7.0
sophos web_appliance_firmware 3.6.4
sophos web_appliance_firmware 3.0.2
sophos web_appliance_firmware 3.1.2
sophos web_appliance_firmware 3.8.0
sophos web_appliance_firmware 3.5.3
sophos web_appliance_firmware 3.5.0
sophos web_appliance_firmware 3.4.3
sophos web_appliance_firmware 3.6.4.2
sophos web_appliance_firmware 3.3.3
sophos web_appliance_firmware 3.7.5
sophos web_appliance_firmware 3.2.6
sophos web_appliance_firmware *
sophos web_appliance_firmware 3.4.3.1
sophos web_appliance_firmware 3.7.1
sophos web_appliance_firmware 3.0.1
sophos web_appliance_firmware 3.5.5
sophos web_appliance_firmware 3.3.6.1
sophos web_appliance_firmware 3.6.1
sophos web_appliance_firmware 3.4.2
sophos web_appliance_firmware 3.5.1.1
sophos web_appliance_firmware 3.0.4
sophos web_appliance_firmware 3.0.3
sophos web_appliance_firmware 3.6.3
sophos web_appliance_firmware 3.0.0
sophos web_appliance_firmware 3.2.2.1
sophos web_appliance_firmware 3.4.1
sophos web_appliance_firmware 3.1.1
CVE-2014-2850 HIGH

The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
sophos web_appliance_firmware 3.4.8
sophos web_appliance_firmware 3.2.1
sophos web_appliance_firmware 3.3.2
sophos web_appliance_firmware 3.5.6
sophos web_appliance_firmware 3.2.3
sophos web_appliance_firmware 3.3.1
sophos web_appliance_firmware 3.8.1
sophos web_appliance_firmware 3.4.7
sophos web_appliance_firmware 3.4.0
sophos web_appliance_firmware 3.3.4
sophos web_appliance_firmware 3.7.6
sophos web_appliance_firmware 3.6.2.4.0
sophos web_appliance_firmware 3.6.2.1
sophos web_appliance_firmware 3.5.4
sophos web_appliance_firmware 3.3.3.1
sophos web_appliance_firmware 3.7.2
sophos web_appliance_firmware 3.7.4
sophos web_appliance_firmware 3.1.0.1
sophos web_appliance_firmware 3.2.4
sophos web_appliance_firmware 3.5.2
sophos web_appliance_firmware 3.1.0
sophos web_appliance_firmware 3.4.4
sophos web_appliance -
sophos web_appliance_firmware 3.1.3
sophos web_appliance_firmware 3.7.7
sophos web_appliance_firmware 3.6.2.3
sophos web_appliance_firmware 3.5.1.2
sophos web_appliance_firmware 3.2.7
sophos web_appliance_firmware 3.3.0
sophos web_appliance_firmware 3.6.4.1
sophos web_appliance_firmware 3.7.9.1
sophos web_appliance_firmware 3.2.5
sophos web_appliance_firmware 3.4.5
sophos web_appliance_firmware 3.7.8.2
sophos web_appliance_firmware 3.7.8
sophos web_appliance_firmware 3.7.9
sophos web_appliance_firmware 3.5.1
sophos web_appliance_firmware 3.1.4
sophos web_appliance_firmware 3.2.2
sophos web_appliance_firmware 3.3.5
sophos web_appliance_firmware 3.0.1.1
sophos web_appliance_firmware 3.6.2
sophos web_appliance_firmware 3.4.6
sophos web_appliance_firmware 3.6.2.4.1
sophos web_appliance_firmware 3.7.3
sophos web_appliance_firmware 3.6.1.1
sophos web_appliance_firmware 3.3.6
sophos web_appliance_firmware 3.0.5
sophos web_appliance_firmware 3.7.8.1
sophos web_appliance_firmware 3.0.5.1
sophos web_appliance_firmware 3.3.5.1
sophos web_appliance_firmware 3.7.0
sophos web_appliance_firmware 3.6.4
sophos web_appliance_firmware 3.0.2
sophos web_appliance_firmware 3.1.2
sophos web_appliance_firmware 3.8.0
sophos web_appliance_firmware 3.5.3
sophos web_appliance_firmware 3.5.0
sophos web_appliance_firmware 3.4.3
sophos web_appliance_firmware 3.6.4.2
sophos web_appliance_firmware 3.3.3
sophos web_appliance_firmware 3.7.5
sophos web_appliance_firmware 3.2.6
sophos web_appliance_firmware *
sophos web_appliance_firmware 3.4.3.1
sophos web_appliance_firmware 3.7.1
sophos web_appliance_firmware 3.0.1
sophos web_appliance_firmware 3.5.5
sophos web_appliance_firmware 3.3.6.1
sophos web_appliance_firmware 3.6.1
sophos web_appliance_firmware 3.4.2
sophos web_appliance_firmware 3.5.1.1
sophos web_appliance_firmware 3.0.4
sophos web_appliance_firmware 3.0.3
sophos web_appliance_firmware 3.6.3
sophos web_appliance_firmware 3.0.0
sophos web_appliance_firmware 3.2.2.1
sophos web_appliance_firmware 3.4.1
sophos web_appliance_firmware 3.1.1
CVE-2015-7547 MEDIUM

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
gnu glibc 2.11.1
f5 big-ip_application_acceleration_manager 12.0.0
redhat enterprise_linux_server_eus 7.2
f5 big-ip_advanced_firewall_manager 12.0.0
gnu glibc 2.16
gnu glibc 2.19
gnu glibc 2.20
gnu glibc 2.11.3
debian debian_linux 8.0
suse linux_enterprise_server 11.0
gnu glibc 2.18
gnu glibc 2.10.1
f5 big-ip_local_traffic_manager 12.0.0
canonical ubuntu_linux 14.04
gnu glibc 2.17
sophos unified_threat_management_software 9.319
hp server_migration_pack 7.5
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_domain_name_system 12.0.0
suse linux_enterprise_debuginfo 11.0
gnu glibc 2.11
sophos unified_threat_management_software 9.355
gnu glibc 2.12.2
gnu glibc 2.12.1
canonical ubuntu_linux 12.04
oracle exalogic_infrastructure 2.0
suse linux_enterprise_desktop 11.0
f5 big-ip_analytics 12.0.0
f5 big-ip_policy_enforcement_manager 12.0.0
oracle fujitsu_m10_firmware *
suse suse_linux_enterprise_server 12
gnu glibc 2.10
gnu glibc 2.21
redhat enterprise_linux_desktop 7.0
canonical ubuntu_linux 15.10
opensuse opensuse 13.2
redhat enterprise_linux_hpc_node_eus 7.2
hp helion_openstack 1.1.1
redhat enterprise_linux_hpc_node 7.0
suse linux_enterprise_server 12
hp helion_openstack 2.0.0
redhat enterprise_linux_server 7.0
f5 big-ip_link_controller 12.0.0
gnu glibc 2.11.2
gnu glibc 2.13
gnu glibc 2.14.1
gnu glibc 2.12
f5 big-ip_access_policy_manager 12.0.0
suse linux_enterprise_software_development_kit 11.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.2
suse linux_enterprise_desktop 12
suse linux_enterprise_software_development_kit 12
oracle exalogic_infrastructure 1.0
gnu glibc 2.15
gnu glibc 2.22
gnu glibc 2.9
gnu glibc 2.14
hp helion_openstack 2.1.0
CVE-2015-8605 MEDIUM

ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
canonical ubuntu_linux 15.04
isc dhcp 4.1.1
isc dhcp 4.3.0
isc dhcp 4.3.2
isc dhcp 4.2.4
debian debian_linux 9.0
isc dhcp 4.3.3
isc dhcp 4.0.2
isc dhcp 4.0.0
isc dhcp 4.2.8
isc dhcp 4.2.3
isc dhcp 4.2.6
canonical ubuntu_linux 15.10
isc dhcp 4.2.5
isc dhcp 4.1-esv
debian debian_linux 7.0
isc dhcp 4.2.2
isc dhcp 4.2.7
isc dhcp 4.3.1
isc dhcp 4.0.3
isc dhcp 4.0.1
debian debian_linux 8.0
isc dhcp 4.2.1
isc dhcp 4.2.0
sophos unified_threat_management_up2date *
canonical ubuntu_linux 14.04
isc dhcp 4.1.0
isc dhcp 4.1.2
canonical ubuntu_linux 12.04
CVE-2016-0777 MEDIUM

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
sophos unified_threat_management_software 9.353
openbsd openssh 6.4
openbsd openssh 5.5
openbsd openssh 5.4
hp remote_device_access_virtual_customer_access_system *
openbsd openssh 5.9
openbsd openssh 6.3
openbsd openssh 6.0
openbsd openssh 6.8
openbsd openssh 6.6
openbsd openssh 6.9
openbsd openssh 6.1
openbsd openssh 6.2
openbsd openssh 5.0
openbsd openssh 5.3
openbsd openssh 5.7
oracle linux 7
openbsd openssh 6.5
openbsd openssh 7.0
openbsd openssh 5.2
apple mac_os_x *
openbsd openssh 5.1
sophos unified_threat_management_software 9.318
openbsd openssh 5.8
oracle solaris 11.3
openbsd openssh 6.7
openbsd openssh 7.1
openbsd openssh 5.6
CVE-2016-0778 MEDIUM

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
openbsd openssh 6.2
sophos unified_threat_management_software 9.353
openbsd openssh 6.4
openbsd openssh 5.5
openbsd openssh 5.7
oracle linux 7
openbsd openssh 5.4
openbsd openssh 6.5
openbsd openssh 7.0
apple mac_os_x *
openbsd openssh 5.9
openbsd openssh 6.3
openbsd openssh 5.8
openbsd openssh 6.0
openbsd openssh 6.8
openbsd openssh 6.6
openbsd openssh 6.9
oracle solaris 11.3
openbsd openssh 6.7
openbsd openssh 7.1
hp virtual_customer_access_system *
openbsd openssh 5.6
openbsd openssh 6.1
CVE-2016-2046 MEDIUM

Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sophos unified_threat_management_software *
CVE-2016-3968 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35iNG UTM appliance with firmware 10.6.2 Build 378 allow remote attackers to inject arbitrary web script or HTML via the (1) ipFamily parameter to corporate/webpages/trafficdiscovery/LiveConnections.jsp; the (2) ipFamily, (3) applicationname, or (4) username parameter to corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp; or the (5) X-Forwarded-For HTTP header.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sophos cyberoam_cr100ing_utm_firmware 10.6.3_mr-1_build_503
sophos cyberoam_cr35ing_utm_firmware 10.6.2_build_378
sophos cyberoam_cr35ing_utm_firmware 10.6.2_mr-1_build_383
CVE-2016-6217 MEDIUM

Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sophos puremessage *
CVE-2016-6597 MEDIUM

Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the resource, aka an Open Reverse Proxy vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
sophos mobile_control_eas_proxy *
CVE-2016-7397 LOW

The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
sophos unified_threat_management_software *
CVE-2016-7442 LOW

The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
sophos unified_threat_management_software *
CVE-2016-7786 HIGH

Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sophos cyberoam_cr25ing_utm_firmware 10.6.2
CVE-2016-8732 MEDIUM

Multiple security flaws exists in InvProtectDrv.sys which is a part of Invincea Dell Protected Workspace 5.1.1-22303. Weak restrictions on the driver communication channel and additional insufficient checks allow any application to turn off some of the protection mechanisms provided by the Invincea product.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-275,

Products Affected

Vendor Product Version
sophos invincea_dell_protected_workspace 5.1.1-22303
CVE-2016-9038 MEDIUM

An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corruption, which could result in privilege escalation. An attacker needs to execute a special application locally to trigger this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
sophos invincea-x 6.1.3-24058
CVE-2016-9553 HIGH

The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP addresses from accessing the device. The device doesn't properly escape the information passed in the variables 'unblockip' and 'blockip' before calling the shell_exec() function which allows for system commands to be injected into the device. The code erroneously suggests that the information handled is protected by utilizing the variable name 'escapedips' - however this was not the case. The Sophos ID is NSWA-1258.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
sophos web_appliance 4.2.1.3
CVE-2016-9554 HIGH

The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occur in MgrDiagnosticTools.php (/controllers/MgrDiagnosticTools.php), in the component responsible for performing diagnostic tests with the UNIX wget utility. The application doesn't properly escape the information passed in the 'url' variable before calling the executeCommand class function ($this->dtObj->executeCommand). This function calls exec() with unsanitized user input allowing for remote command injection. The page that contains the vulnerabilities, /controllers/MgrDiagnosticTools.php, is accessed by a built-in command answered by the administrative interface. The command that calls to that vulnerable page (passed in the 'section' parameter) is: 'configuration'. Exploitation of this vulnerability yields shell access to the remote machine under the 'spiderman' user account.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
sophos web_appliance 4.2.1.3
CVE-2016-9834 MEDIUM

An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of a request to the "LiveConnectionDetail.jsp" application. GET parameters "applicationname" and "username" are improperly sanitized allowing an attacker to inject arbitrary JavaScript into the page. This can be abused by an attacker to perform a cross-site scripting attack on the user. A vulnerable URI is /corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sophos cyberoam_firmware *
CVE-2017-17023 HIGH

The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure Entry Client" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user's computer. This is related to SIC_V11.04-64.exe (Sophos), NCP_EntryCl_Windows_x86_1004_31799.exe (NCP), and ncpmon.exe (both Sophos and NCP). The vulnerability exists because: (1) the VPN client requests update metadata over an insecure HTTP connection; and (2) the client software does not check if the software update is signed before running it.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-345,

Products Affected

Vendor Product Version
ncp-e ncp_secure_entry_client 10.11
sophos ipsec_client 11.04
CVE-2017-18014 MEDIUM

An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page (Control Center -> Log Viewer -> in the filter option "Web Server Protection") in the webadmin interface, and execute any action available to the webadmin of the firewall (e.g., creating a new user, enabling SSH, or adding an SSH authorized key). The WAF log page will execute the "User-Agent" parameter in the HTTP POST request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sophos sfos 17.0
sophos sfos *
CVE-2017-6007 MEDIUM

A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to crash the OS via a malformed IOCTL call.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
sophos hitmanpro *
CVE-2017-6008 MEDIUM

A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate privileges via a malformed IOCTL call.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
sophos hitmanpro *
CVE-2017-6182 HIGH

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
sophos web_appliance *
CVE-2017-6183 MEDIUM

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
sophos web_appliance *
CVE-2017-6184 MEDIUM

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
sophos web_appliance *
CVE-2017-6315 HIGH

Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
sophos astaro_security_gateway_firmware 7.500
sophos astaro_security_gateway_firmware 7.506
CVE-2017-6412 MEDIUM

In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-384,

Products Affected

Vendor Product Version
sophos web_appliance *
CVE-2017-7441 HIGH

In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some critical information about the machine such as nt!ExpPoolQuotaCookie.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
sophos hitmanpro *
CVE-2017-9523 MEDIUM

The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sophos web_appliance *
CVE-2018-16116 MEDIUM

SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
sophos sfos 17.0.8
CVE-2018-16117 HIGH

A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
sophos sfos 17.1
sophos sfos *
CVE-2018-16118 HIGH

A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
sophos sfos 17.0
sophos sfos 17.0.8
sophos sfos 17.1
sophos sfos *
sophos sfos 16.5
CVE-2018-3970 LOW

An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.

CVSS 2.0

Severity: LOW

Problem Type: CWE-908,

Products Affected

Vendor Product Version
sophos hitmanpro.alert 3.7.6.744
CVE-2018-3971 HIGH

An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to write data under controlled by an attacker address, resulting in memory corruption. An attacker can send IRP request to trigger this vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-123,

Products Affected

Vendor Product Version
sophos hitmanpro.alert 3.7.6.744
CVE-2018-4863 LOW

Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key.

CVSS 2.0

Severity: LOW

Problem Type: CWE-254,

Products Affected

Vendor Product Version
sophos endpoint_protection 10.7
CVE-2018-6318 HIGH

In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). A person can change this DLL in a local way, or with a remote connection, to a malicious DLL with the same name -- and when the product is used, this malicious DLL will be loaded, aka a DLL Hijacking attack.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-426,

Products Affected

Vendor Product Version
sophos sophos_tester 3.2.0.7
CVE-2018-6319 MEDIUM

In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. This argument is a memory address: if a caller passes a NULL pointer or a random invalid address, the driver will cause a Blue Screen of Death. If a program or malware does this at boot time, it can cause a persistent denial of service on the machine.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
sophos sophos_tester 3.2.0.7
CVE-2018-6851 HIGH

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206040. By crafting an input buffer we can control the execution path to the point where the constant DWORD 0 will be written to a user-controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
sophos safeguard_enterprise_client 6.00.1
sophos safeguard_enterprise_client 5.60.3
sophos safeguard_easy_device_encryption_client 6.10
sophos safeguard_lan_crypt_client 3.90.1
sophos safeguard_easy_device_encryption_client 6.00
sophos safeguard_lan_crypt_client 3.95.1
sophos safeguard_enterprise_client 6.10
sophos safeguard_easy_device_encryption_client 7.00
sophos safeguard_enterprise_client 8.00
sophos safeguard_enterprise_client 7.00
sophos safeguard_enterprise_client 6.00
sophos safeguard_lan_crypt_client 3.90.2
CVE-2018-6852 HIGH

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202298. By crafting an input buffer we can control the execution path to the point where the nt!memset function is called to zero out contents of a user-controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
sophos safeguard_enterprise_client 6.00.1
sophos safeguard_enterprise_client 5.60.3
sophos safeguard_easy_device_encryption_client 6.10
sophos safeguard_lan_crypt_client 3.90.1
sophos safeguard_easy_device_encryption_client 6.00
sophos safeguard_lan_crypt_client 3.95.1
sophos safeguard_enterprise_client 6.10
sophos safeguard_easy_device_encryption_client 7.00
sophos safeguard_enterprise_client 8.00
sophos safeguard_enterprise_client 7.00
sophos safeguard_enterprise_client 6.00
sophos safeguard_lan_crypt_client 3.90.2
CVE-2018-6853 HIGH

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206024. By crafting an input buffer we can control the execution path to the point where a global variable will be written to a user controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
sophos safeguard_enterprise_client 6.00.1
sophos safeguard_enterprise_client 5.60.3
sophos safeguard_easy_device_encryption_client 6.10
sophos safeguard_lan_crypt_client 3.90.1
sophos safeguard_easy_device_encryption_client 6.00
sophos safeguard_lan_crypt_client 3.95.1
sophos safeguard_enterprise_client 6.10
sophos safeguard_easy_device_encryption_client 7.00
sophos safeguard_enterprise_client 8.00
sophos safeguard_enterprise_client 7.00
sophos safeguard_enterprise_client 6.00
sophos safeguard_lan_crypt_client 3.90.2
CVE-2018-6854 HIGH

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via multiple IOCTLs, e.g., 0x8810200B, 0x8810200F, 0x8810201B, 0x8810201F, 0x8810202B, 0x8810202F, 0x8810203F, 0x8810204B, 0x88102003, 0x88102007, 0x88102013, 0x88102017, 0x88102027, 0x88102033, 0x88102037, 0x88102043, and 0x88102047. When some conditions in the user-controlled input buffer are not met, the driver writes an error code (0x2000001A) to a user-controlled address. Also, note that all the aforementioned IOCTLs use transfer type METHOD_NEITHER, which means that the I/O manager does not validate any of the supplied pointers and buffer sizes. So, even though the driver checks for input/output buffer sizes, it doesn't validate if the pointers to those buffers are actually valid. So, we can supply a pointer for the output buffer to a kernel address space address, and the error code will be written there. We can take advantage of this condition to modify the SEP_TOKEN_PRIVILEGES structure of the Token object belonging to the exploit process and grant SE_DEBUG_NAME privilege. This allows the exploit process to interact with higher privileged processes running as SYSTEM and execute code in their security context.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
sophos safeguard_enterprise_client 6.00.1
sophos safeguard_enterprise_client 5.60.3
sophos safeguard_easy_device_encryption_client 6.10
sophos safeguard_lan_crypt_client 3.90.1
sophos safeguard_easy_device_encryption_client 6.00
sophos safeguard_lan_crypt_client 3.95.1
sophos safeguard_enterprise_client 6.10
sophos safeguard_easy_device_encryption_client 7.00
sophos safeguard_enterprise_client 8.00
sophos safeguard_enterprise_client 7.00
sophos safeguard_enterprise_client 6.00
sophos safeguard_lan_crypt_client 3.90.2
CVE-2018-6855 HIGH

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202014. By crafting an input buffer we can control the execution path to the point where the constant 0xFFFFFFF will be written to a user-controlled address. We can take advantage of this condition to modify the SEP_TOKEN_PRIVILEGES structure of the Token object belonging to the exploit process and grant SE_DEBUG_NAME privilege. This allows the exploit process to interact with higher privileged processes running as SYSTEM and execute code in their security context.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
sophos safeguard_enterprise_client 6.00.1
sophos safeguard_enterprise_client 5.60.3
sophos safeguard_easy_device_encryption_client 6.10
sophos safeguard_lan_crypt_client 3.90.1
sophos safeguard_easy_device_encryption_client 6.00
sophos safeguard_lan_crypt_client 3.95.1
sophos safeguard_enterprise_client 6.10
sophos safeguard_easy_device_encryption_client 7.00
sophos safeguard_enterprise_client 8.00
sophos safeguard_enterprise_client 7.00
sophos safeguard_enterprise_client 6.00
sophos safeguard_lan_crypt_client 3.90.2
CVE-2018-6856 HIGH

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x8020601C. By crafting an input buffer we can control the execution path to the point where a global variable will be written to a user controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
sophos safeguard_enterprise_client 6.00.1
sophos safeguard_enterprise_client 5.60.3
sophos safeguard_easy_device_encryption_client 6.10
sophos safeguard_lan_crypt_client 3.90.1
sophos safeguard_easy_device_encryption_client 6.00
sophos safeguard_lan_crypt_client 3.95.1
sophos safeguard_enterprise_client 6.10
sophos safeguard_easy_device_encryption_client 7.00
sophos safeguard_enterprise_client 8.00
sophos safeguard_enterprise_client 7.00
sophos safeguard_enterprise_client 6.00
sophos safeguard_lan_crypt_client 3.90.2
CVE-2018-6857 HIGH

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x802022E0. By crafting an input buffer we can control the execution path to the point where the constant 0x12 will be written to a user-controlled address. We can take advantage of this condition to modify the SEP_TOKEN_PRIVILEGES structure of the Token object belonging to the exploit process and grant SE_DEBUG_NAME privilege. This allows the exploit process to interact with higher privileged processes running as SYSTEM and execute code in their security context.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
sophos safeguard_enterprise_client 6.00.1
sophos safeguard_enterprise_client 5.60.3
sophos safeguard_easy_device_encryption_client 6.10
sophos safeguard_lan_crypt_client 3.90.1
sophos safeguard_easy_device_encryption_client 6.00
sophos safeguard_lan_crypt_client 3.95.1
sophos safeguard_enterprise_client 6.10
sophos safeguard_easy_device_encryption_client 7.00
sophos safeguard_enterprise_client 8.00
sophos safeguard_enterprise_client 7.00
sophos safeguard_enterprise_client 6.00
sophos safeguard_lan_crypt_client 3.90.2
CVE-2018-9233 LOW

Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches.

CVSS 2.0

Severity: LOW

Problem Type: CWE-916,

Products Affected

Vendor Product Version
sophos endpoint_protection 10.7
CVE-2019-17059 HIGH

A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
sophos cyberoamos 10.6.6
sophos cyberoamos *
CVE-2020-10947 MEDIUM

Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
sophos anti-virus_for_sophos_central *
sophos anti-virus_for_sophos_home *
CVE-2020-11503 HIGH

A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
sophos sfos *
sophos sfos 17.5
CVE-2020-12271 HIGH

A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
sophos sfos 17.0
sophos sfos 17.1
sophos sfos 18.0
sophos sfos 17.5
CVE-2020-14980 MEDIUM

The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
sophos sophos_secure_email *
CVE-2020-15069 HIGH

Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
sophos xg_firewall_firmware *
sophos xg_firewall_firmware 17.5
CVE-2020-15504 HIGH

A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions >= 17.0 have received a hotfix.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
sophos xg_firewall_firmware *
sophos xg_firewall_firmware 17.5
sophos xg_firewall_firmware 18.0
CVE-2020-17352 MEDIUM

Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
sophos xg_firewall_firmware 17.5
sophos xg_firewall_firmware 18.0
CVE-2020-25223 HIGH

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
sophos unified_threat_management *
sophos unified_threat_management 9.705
sophos unified_threat_management 9.511
sophos unified_threat_management 9.607
CVE-2020-29574 HIGH

An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
sophos cyberoamos *
CVE-2020-36692

A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@sophos.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
sophos web_appliance *
CVE-2020-9363 MEDIUM

The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protection products because the virus would be detected upon extraction.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-436,

Products Affected

Vendor Product Version
sophos cloud_optix *
sophos endpoint_protection *
sophos mobile *
sophos intercept_x_for_server *
sophos secure_web_gateway *
sophos intercept_x_endpoint *
CVE-2020-9540 MEDIUM

Sophos HitmanPro.Alert before build 861 allows local elevation of privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sophos hitmanpro.alert *
CVE-2021-25264 HIGH

In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sophos home *
sophos intercept_x *
CVE-2021-25265 MEDIUM

A malicious website could execute code remotely in Sophos Connect Client before version 2.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sophos connect *
CVE-2021-25266 LOW

An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.9 LOW CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.3 3.6
security-alert@sophos.com 3.9 LOW CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.3 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-922,

Products Affected

Vendor Product Version
sophos authenticator *
sophos intercept_x *
CVE-2021-25267 HIGH

Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 1.7 6.0
security-alert@sophos.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sophos firewall_firmware *
CVE-2021-25268 MEDIUM

Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@sophos.com 8.4 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sophos firewall_firmware *
CVE-2021-25269 LOW

A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention before version 3.8.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@sophos.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-428,

Products Affected

Vendor Product Version
sophos exploit_prevention *
sophos intercept_x_for_server *
sophos intercept_x_endpoint *
CVE-2021-25270 HIGH

A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sophos hitmanpro.alert *
CVE-2021-25271 LOW

A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sophos hitmanpro *
CVE-2021-25273 LOW

Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sophos unified_threat_management *
CVE-2021-36806

A reflected XSS vulnerability allows an open redirect when the victim clicks a malicious link to an error page on Sophos Email Appliance older than version 4.5.3.4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
security-alert@sophos.com 4.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
sophos email_appliance *
CVE-2021-36807 MEDIUM

An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security-alert@sophos.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
sophos unified_threat_management_up2date *
CVE-2021-36808 MEDIUM

A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@sophos.com 5.9 MEDIUM CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 0.7 5.2
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
sophos sophos_secure_workspace *
CVE-2021-36809 LOW

A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@sophos.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 1.8 4.2
nvd@nist.gov 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 0.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sophos ssl_vpn_client -
CVE-2022-0331 MEDIUM

An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@sophos.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sophos sfos *
CVE-2022-0386 MEDIUM

A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@sophos.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
sophos unified_threat_management *
CVE-2022-0652 LOW

Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@sophos.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,CWE-732,

Products Affected

Vendor Product Version
sophos unified_threat_management *
CVE-2022-1040 HIGH

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@sophos.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sophos sfos *
CVE-2022-1807

Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
security-alert@sophos.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
sophos firewall 18.5
sophos firewall *
sophos firewall 19.0
CVE-2022-3226

An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA.

Products Affected

Vendor Product Version
sophos xg_firewall_firmware *
CVE-2022-3236

A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security-alert@sophos.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
sophos firewall *
CVE-2022-3696

A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA.

Products Affected

Vendor Product Version
sophos xg_firewall_firmware *
CVE-2022-3709

A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA.

Products Affected

Vendor Product Version
sophos xg_firewall_firmware *
CVE-2022-3710

A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA.

Products Affected

Vendor Product Version
sophos xg_firewall_firmware *
CVE-2022-3711

A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA.

Products Affected

Vendor Product Version
sophos xg_firewall_firmware *
CVE-2022-3713

A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA.

Products Affected

Vendor Product Version
sophos xg_firewall_firmware *
CVE-2022-3980

An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4.

Products Affected

Vendor Product Version
sophos mobile *
CVE-2022-48309

A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 2.8 1.4
security-alert@sophos.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
sophos connect *
CVE-2022-48310

An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
security-alert@sophos.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
sophos connect *
CVE-2022-4901

Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@sophos.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 1.8 1.4
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
sophos connect *
CVE-2022-4934

A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@sophos.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
sophos web_appliance *
CVE-2023-1671

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security-alert@sophos.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
sophos web_appliance *
CVE-2023-33335

Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was December 31st 2020) in grpname parameter that allows arbitrary script to be executed.

Products Affected

Vendor Product Version
sophos iview -
CVE-2023-33336

Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes.

Products Affected

Vendor Product Version
sophos web_appliance 4.3.9.1
CVE-2023-5552

A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
security-alert@sophos.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 2.5 4.0

Products Affected

Vendor Product Version
sophos firewall *
CVE-2024-12727

A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@sophos.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
sophos firewall_firmware *
CVE-2024-12728

A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@sophos.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
sophos firewall_firmware *
CVE-2024-12729

A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@sophos.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
sophos firewall_firmware *
CVE-2024-13861

A code injection vulnerability in the Debian package component of Taegis Endpoint Agent (Linux) versions older than 1.3.10 allows local users arbitrary code execution as root. Redhat-based systems using RPM packages are not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security-alert@sophos.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
sophos taegis_endpoint_agent *
CVE-2024-13973

A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potentially lead to administrators achieving arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@sophos.com 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
sophos firewall_firmware *
CVE-2024-13974

A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers controlling the firewall’s DNS environment to achieve remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@sophos.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
sophos firewall_firmware *
CVE-2025-6704

An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to pre-auth remote code execution, if a specific configuration of SPX is enabled in combination with the firewall running in High Availability (HA) mode.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@sophos.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
sophos firewall_firmware *
CVE-2025-7382

A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjacent attackers achieving pre-auth code execution on High Availability (HA) auxiliary devices, if OTP authentication for the admin user is enabled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@sophos.com 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
sophos firewall_firmware *
CVE-2025-7624

An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to remote code execution, if a quarantining policy is active for Email and SFOS was upgraded from a version older than 21.0 GA.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-alert@sophos.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
sophos firewall_firmware *