Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | small_business_suite | * |
McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mandrakesoft | mandrake_linux | 10.1 |
| sophos | sophos_anti-virus | 3.85 |
| broadcom | etrust_antivirus | 7.1 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| sophos | sophos_anti-virus | 3.84 |
| broadcom | etrust_intrusion_detection | 1.5 |
| sophos | sophos_anti-virus | 3.86 |
| broadcom | inoculateit | 6.0 |
| sophos | sophos_anti-virus | 3.81 |
| sophos | sophos_anti-virus | 3.78 |
| broadcom | etrust_ez_armor | 2.3 |
| sophos | sophos_anti-virus | 3.82 |
| sophos | sophos_anti-virus | 3.83 |
| broadcom | etrust_secure_content_manager | 1.1 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | etrust_ez_antivirus | 6.1 |
| eset_software | nod32_antivirus | 1.0.12 |
| broadcom | etrust_ez_armor | 2.4 |
| gentoo | linux | * |
| ca | etrust_secure_content_manager | 1.0 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| broadcom | etrust_ez_armor | 2.0 |
| mcafee | antivirus_engine | 4.3.20 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_antivirus | 7.0 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| sophos | sophos_anti-virus | 3.78d |
| archive_zip | archive_zip | 1.13 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| suse | suse_linux | 9.2 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| eset_software | nod32_antivirus | 1.0.11 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_anti-virus | 3.80 |
| broadcom | etrust_secure_content_manager | 1.0 |
| gentoo | linux | 1.4 |
| ca | etrust_antivirus | 7.0_sp2 |
| sophos | sophos_anti-virus | 3.4.6 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_ez_antivirus | 6.3 |
| eset_software | nod32_antivirus | 1.0.13 |
| broadcom | etrust_ez_antivirus | 6.2 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mandrakesoft | mandrake_linux | 10.1 |
| sophos | sophos_anti-virus | 3.85 |
| broadcom | etrust_antivirus | 7.1 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| sophos | sophos_anti-virus | 3.84 |
| broadcom | etrust_intrusion_detection | 1.5 |
| sophos | sophos_anti-virus | 3.86 |
| broadcom | inoculateit | 6.0 |
| sophos | sophos_anti-virus | 3.81 |
| sophos | sophos_anti-virus | 3.78 |
| broadcom | etrust_ez_armor | 2.3 |
| sophos | sophos_anti-virus | 3.82 |
| sophos | sophos_anti-virus | 3.83 |
| broadcom | etrust_secure_content_manager | 1.1 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | etrust_ez_antivirus | 6.1 |
| eset_software | nod32_antivirus | 1.0.12 |
| broadcom | etrust_ez_armor | 2.4 |
| gentoo | linux | * |
| ca | etrust_secure_content_manager | 1.0 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| broadcom | etrust_ez_armor | 2.0 |
| mcafee | antivirus_engine | 4.3.20 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_antivirus | 7.0 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| sophos | sophos_anti-virus | 3.78d |
| archive_zip | archive_zip | 1.13 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| suse | suse_linux | 9.2 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| eset_software | nod32_antivirus | 1.0.11 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_anti-virus | 3.80 |
| broadcom | etrust_secure_content_manager | 1.0 |
| gentoo | linux | 1.4 |
| ca | etrust_antivirus | 7.0_sp2 |
| sophos | sophos_anti-virus | 3.4.6 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_ez_antivirus | 6.3 |
| eset_software | nod32_antivirus | 1.0.13 |
| broadcom | etrust_ez_antivirus | 6.2 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mandrakesoft | mandrake_linux | 10.1 |
| sophos | sophos_anti-virus | 3.85 |
| broadcom | etrust_antivirus | 7.1 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| sophos | sophos_anti-virus | 3.84 |
| broadcom | etrust_intrusion_detection | 1.5 |
| sophos | sophos_anti-virus | 3.86 |
| broadcom | inoculateit | 6.0 |
| sophos | sophos_anti-virus | 3.81 |
| sophos | sophos_anti-virus | 3.78 |
| broadcom | etrust_ez_armor | 2.3 |
| sophos | sophos_anti-virus | 3.82 |
| sophos | sophos_anti-virus | 3.83 |
| broadcom | etrust_secure_content_manager | 1.1 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | etrust_ez_antivirus | 6.1 |
| eset_software | nod32_antivirus | 1.0.12 |
| broadcom | etrust_ez_armor | 2.4 |
| gentoo | linux | * |
| ca | etrust_secure_content_manager | 1.0 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| broadcom | etrust_ez_armor | 2.0 |
| mcafee | antivirus_engine | 4.3.20 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_antivirus | 7.0 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| sophos | sophos_anti-virus | 3.78d |
| archive_zip | archive_zip | 1.13 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| suse | suse_linux | 9.2 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| eset_software | nod32_antivirus | 1.0.11 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_anti-virus | 3.80 |
| broadcom | etrust_secure_content_manager | 1.0 |
| gentoo | linux | 1.4 |
| ca | etrust_antivirus | 7.0_sp2 |
| sophos | sophos_anti-virus | 3.4.6 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_ez_antivirus | 6.3 |
| eset_software | nod32_antivirus | 1.0.13 |
| broadcom | etrust_ez_antivirus | 6.2 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mandrakesoft | mandrake_linux | 10.1 |
| sophos | sophos_anti-virus | 3.85 |
| broadcom | etrust_antivirus | 7.1 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| sophos | sophos_anti-virus | 3.84 |
| broadcom | etrust_intrusion_detection | 1.5 |
| sophos | sophos_anti-virus | 3.86 |
| broadcom | inoculateit | 6.0 |
| sophos | sophos_anti-virus | 3.81 |
| sophos | sophos_anti-virus | 3.78 |
| broadcom | etrust_ez_armor | 2.3 |
| sophos | sophos_anti-virus | 3.82 |
| sophos | sophos_anti-virus | 3.83 |
| broadcom | etrust_secure_content_manager | 1.1 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | etrust_ez_antivirus | 6.1 |
| eset_software | nod32_antivirus | 1.0.12 |
| broadcom | etrust_ez_armor | 2.4 |
| gentoo | linux | * |
| ca | etrust_secure_content_manager | 1.0 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| broadcom | etrust_ez_armor | 2.0 |
| mcafee | antivirus_engine | 4.3.20 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_antivirus | 7.0 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| sophos | sophos_anti-virus | 3.78d |
| archive_zip | archive_zip | 1.13 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| suse | suse_linux | 9.2 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| eset_software | nod32_antivirus | 1.0.11 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_anti-virus | 3.80 |
| broadcom | etrust_secure_content_manager | 1.0 |
| gentoo | linux | 1.4 |
| ca | etrust_antivirus | 7.0_sp2 |
| sophos | sophos_anti-virus | 3.4.6 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_ez_antivirus | 6.3 |
| eset_software | nod32_antivirus | 1.0.13 |
| broadcom | etrust_ez_antivirus | 6.2 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mandrakesoft | mandrake_linux | 10.1 |
| sophos | sophos_anti-virus | 3.85 |
| broadcom | etrust_antivirus | 7.1 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| sophos | sophos_anti-virus | 3.84 |
| broadcom | etrust_intrusion_detection | 1.5 |
| sophos | sophos_anti-virus | 3.86 |
| broadcom | inoculateit | 6.0 |
| sophos | sophos_anti-virus | 3.81 |
| sophos | sophos_anti-virus | 3.78 |
| broadcom | etrust_ez_armor | 2.3 |
| sophos | sophos_anti-virus | 3.82 |
| sophos | sophos_anti-virus | 3.83 |
| broadcom | etrust_secure_content_manager | 1.1 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | etrust_ez_antivirus | 6.1 |
| eset_software | nod32_antivirus | 1.0.12 |
| broadcom | etrust_ez_armor | 2.4 |
| gentoo | linux | * |
| ca | etrust_secure_content_manager | 1.0 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| broadcom | etrust_ez_armor | 2.0 |
| mcafee | antivirus_engine | 4.3.20 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_antivirus | 7.0 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| sophos | sophos_anti-virus | 3.78d |
| archive_zip | archive_zip | 1.13 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| suse | suse_linux | 9.2 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| eset_software | nod32_antivirus | 1.0.11 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_anti-virus | 3.80 |
| broadcom | etrust_secure_content_manager | 1.0 |
| gentoo | linux | 1.4 |
| ca | etrust_antivirus | 7.0_sp2 |
| sophos | sophos_anti-virus | 3.4.6 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_ez_antivirus | 6.3 |
| eset_software | nod32_antivirus | 1.0.13 |
| broadcom | etrust_ez_antivirus | 6.2 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mandrakesoft | mandrake_linux | 10.1 |
| sophos | sophos_anti-virus | 3.85 |
| broadcom | etrust_antivirus | 7.1 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| sophos | sophos_anti-virus | 3.84 |
| broadcom | etrust_intrusion_detection | 1.5 |
| sophos | sophos_anti-virus | 3.86 |
| broadcom | inoculateit | 6.0 |
| sophos | sophos_anti-virus | 3.81 |
| sophos | sophos_anti-virus | 3.78 |
| broadcom | etrust_ez_armor | 2.3 |
| sophos | sophos_anti-virus | 3.82 |
| sophos | sophos_anti-virus | 3.83 |
| broadcom | etrust_secure_content_manager | 1.1 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | etrust_ez_antivirus | 6.1 |
| eset_software | nod32_antivirus | 1.0.12 |
| broadcom | etrust_ez_armor | 2.4 |
| gentoo | linux | * |
| ca | etrust_secure_content_manager | 1.0 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| broadcom | etrust_ez_armor | 2.0 |
| mcafee | antivirus_engine | 4.3.20 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_antivirus | 7.0 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| sophos | sophos_anti-virus | 3.78d |
| archive_zip | archive_zip | 1.13 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| suse | suse_linux | 9.2 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| eset_software | nod32_antivirus | 1.0.11 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_anti-virus | 3.80 |
| broadcom | etrust_secure_content_manager | 1.0 |
| gentoo | linux | 1.4 |
| ca | etrust_antivirus | 7.0_sp2 |
| sophos | sophos_anti-virus | 3.4.6 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_ez_antivirus | 6.3 |
| eset_software | nod32_antivirus | 1.0.13 |
| broadcom | etrust_ez_antivirus | 6.2 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mandrakesoft | mandrake_linux | 10.1 |
| sophos | sophos_anti-virus | 3.85 |
| broadcom | etrust_antivirus | 7.1 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| sophos | sophos_anti-virus | 3.84 |
| broadcom | etrust_intrusion_detection | 1.5 |
| sophos | sophos_anti-virus | 3.86 |
| broadcom | inoculateit | 6.0 |
| sophos | sophos_anti-virus | 3.81 |
| sophos | sophos_anti-virus | 3.78 |
| broadcom | etrust_ez_armor | 2.3 |
| sophos | sophos_anti-virus | 3.82 |
| sophos | sophos_anti-virus | 3.83 |
| broadcom | etrust_secure_content_manager | 1.1 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | etrust_ez_antivirus | 6.1 |
| eset_software | nod32_antivirus | 1.0.12 |
| broadcom | etrust_ez_armor | 2.4 |
| gentoo | linux | * |
| ca | etrust_secure_content_manager | 1.0 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| broadcom | etrust_ez_armor | 2.0 |
| mcafee | antivirus_engine | 4.3.20 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| broadcom | etrust_antivirus | 7.0 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| sophos | sophos_anti-virus | 3.78d |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| suse | suse_linux | 9.2 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| eset_software | nod32_antivirus | 1.0.11 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_anti-virus | 3.80 |
| broadcom | etrust_secure_content_manager | 1.0 |
| gentoo | linux | 1.4 |
| ca | etrust_antivirus | 7.0_sp2 |
| sophos | sophos_anti-virus | 3.4.6 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_ez_antivirus | 6.3 |
| eset_software | nod32_antivirus | 1.0.13 |
| broadcom | etrust_ez_antivirus | 6.2 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
Sophos Anti-Virus 3.78 allows remote attackers to bypass virus scanning by using a qmail generated Delivery Status Notification (DSN) where the original email is not included in the bounce message.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sophos_anti-virus | 3.78 |
| sophos | sophos_anti-virus | 3.4.6 |
The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-203,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | astaro_security_linux | * |
Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a Bzip2 archive with a large 'Extra field length' value.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sophos_anti-virus | 5.0.1 |
| sophos | sophos_anti-virus | 3.85 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| sophos | sophos_anti-virus | 3.78d |
| sophos | sophos_anti-virus | 3.84 |
| sophos | sophos_anti-virus | 3.86 |
| sophos | sophos_mailmonitor_for_notes_domino | * |
| sophos | sophos_anti-virus | 3.80 |
| sophos | sophos_anti-virus | 3.81 |
| sophos | sophos_anti-virus | 3.78 |
| sophos | sophos_anti-virus | 3.82 |
| sophos | sophos_anti-virus | 3.83 |
| sophos | sophos_anti-virus | 3.90 |
| sophos | sophos_mailmonitor | 2.1 |
| sophos | sophos_anti-virus | 3.79 |
| sophos | sophos_anti-virus | 3.91 |
| sophos | sophos_anti-virus | 3.4.6 |
| sophos | sophos_small_business_suite | 1.0 |
| sophos | sophos_mailmonitor | 2.0 |
Sophos Anti-Virus 3.93 does not check downloaded files for viruses when they have only been written, which creates a race condition and may allow remote attackers to bypass virus protection if the file is executed before the antivirus starts on system reboot.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sophos_anti-virus | 3.93 |
Heap-based buffer overflow in the Sophos Antivirus Library, as used by Sophos Antivirus, PureMessage, MailMonitor, and other products, allows remote attackers to execute arbitrary code via a Visio file with a crafted sub record length.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sophos_anti-virus | 5.0.1 |
| sophos | sophos_anti-virus | 3.85 |
| sophos | sophos_anti-virus | 5.0.4 |
| sophos | sophos_anti-virus | 3.78d |
| sophos | sophos_anti-virus | 3.84 |
| sophos | sophos_anti-virus | 3.86 |
| sophos | sophos_anti-virus | 3.80 |
| sophos | sophos_anti-virus | 3.81 |
| sophos | sophos_anti-virus | 3.78 |
| sophos | sophos_anti-virus | 3.82 |
| sophos | sophos_anti-virus | 3.83 |
| sophos | sophos_anti-virus | 3.95 |
| sophos | sophos_anti-virus | 4.5.3 |
| sophos | sophos_anti-virus | 3.90 |
| sophos | sophos_anti-virus | 3.79 |
| sophos | sophos_anti-virus | 3.91 |
| sophos | sophos_anti-virus | 3.4.6 |
Multiple interpretation error in unspecified versions of Sophos Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sophos_anti-virus | * |
Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sophos_anti-virus | 3.91_engine_2.28.4 |
Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, and 5.x before 5.1.4 allow remote attackers to hide arbitrary files and data via crafted ARJ archives, which are not properly scanned.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sophos_anti-virus | 4.04 |
| sophos | sophos_anti-virus | * |
Multiple Sophos Anti-Virus products, including Anti-Virus for Windows 5.x before 5.2.1 and 4.x before 4.05, when cabinet file inspection is enabled, allows remote attackers to execute arbitrary code via a CAB file with "invalid folder count values," which leads to heap corruption.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sophos_anti-virus | * |
Unspecified vulnerability in the filter driver (savonaccessfilter.sys) in Sophos Anti-Virus before 7.6.20 allows local users to gain privileges via crafted arguments to the NtQueryAttributesFile function.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | anti-virus | 5.0.2 |
| sophos | anti-virus | * |
| sophos | anti-virus | 3.82 |
| sophos | anti-virus | 3.81 |
| sophos | anti-virus | 3.79 |
| sophos | anti-virus | 7.6.16 |
| sophos | anti-virus | 7.6 |
| sophos | anti-virus | 7.0.5 |
| sophos | anti-virus | 5.0.9 |
| sophos | anti-virus | 6.0.4 |
| sophos | anti-virus | 5.0.1 |
| sophos | anti-virus | 4.03 |
| sophos | anti-virus | 5.1 |
| sophos | anti-virus | 3.78 |
| sophos | anti-virus | 3.84 |
| sophos | anti-virus | 3.85 |
| sophos | anti-virus | 4.5.4 |
| sophos | anti-virus | 3.4.6 |
| sophos | anti-virus | 3.78d |
| sophos | anti-virus | 5.2.1 |
| sophos | anti-virus | 3.80 |
| sophos | anti-virus | 4.7.2 |
| sophos | anti-virus | 3.83 |
| sophos | anti-virus | 4.04 |
| sophos | anti-virus | 4.7.1 |
| sophos | anti-virus | 4.5.11 |
| sophos | anti-virus | 4.5.12 |
| sophos | anti-virus | 4.33.0 |
| sophos | anti-virus | 7.6.14 |
| sophos | anti-virus | 7.6.18 |
| sophos | anti-virus | 5.2 |
| sophos | anti-virus | 7.6.17 |
| sophos | anti-virus | 3.91 |
| sophos | anti-virus | 5.0.4 |
| sophos | anti-virus | 7.0 |
| sophos | anti-virus | 4.5.3 |
| sophos | anti-virus | 3.95 |
| sophos | anti-virus | 6.5 |
| sophos | anti-virus | 3.96.0 |
| sophos | anti-virus | 7.6.15 |
| sophos | anti-virus | 3.90 |
| sophos | anti-virus | 3.86 |
| sophos | anti-virus | 4.05 |
Race condition in Sophos Endpoint Security and Control 9.0.5 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: the vendor disputes this issue because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sophos_endpoint_security_and_control | 9.0.5 |
The TAR file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Jiangmin Antivirus 13.0.900, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cat | quick_heal | 11.00 |
| antiy | avl_sdk | 2.0.3.7 |
| sophos | sophos_anti-virus | 4.61.0 |
| jiangmin | jiangmin_antivirus | 13.0.900 |
| pc_tools | pc_tools_antivirus | 7.0.3.5 |
| norman | norman_antivirus_&_antispyware | 6.06.12 |
The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \57\69\6E\5A\69\70 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cat | quick_heal | 11.00 |
| sophos | sophos_anti-virus | 4.61.0 |
| norman | norman_antivirus_&_antispyware | 6.06.12 |
The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cat | quick_heal | 11.00 |
| sophos | sophos_anti-virus | 4.61.0 |
| norman | norman_antivirus_&_antispyware | 6.06.12 |
The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| f-secure | anti-virus | 9.0.16160.0 |
| sophos | sophos_anti-virus | 4.61.0 |
| comodo | comodo_antivirus | 7424 |
| bitdefender | bitdefender | 7.2 |
| aladdin | esafe | 7.0.17.0 |
| mcafee | gateway | 2010.1c |
| nprotect | nprotect_antivirus | 2011-01-17.01 |
| rising-global | rising_antivirus | 22.83.00.03 |
| mcafee | scan_engine | 5.400.0.1158 |
The ELF file parser in Bitdefender 7.2, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| f-prot | f-prot_antivirus | 4.6.2.117 |
| authentium | command_antivirus | 5.2.11.5 |
| sophos | sophos_anti-virus | 4.61.0 |
| comodo | comodo_antivirus | 7424 |
| bitdefender | bitdefender | 7.2 |
| aladdin | esafe | 7.0.17.0 |
| mcafee | gateway | 2010.1c |
| nprotect | nprotect_antivirus | 2011-01-17.01 |
| rising-global | rising_antivirus | 22.83.00.03 |
| f-secure | f-secure_anti-virus | 9.0.16160.0 |
The Microsoft Office file parser in Comodo Antivirus 7425 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via an Office file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Office parser implementations.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sophos_anti-virus | 4.61.0 |
| comodo | comodo_antivirus | 7425 |
The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, F-Secure Anti-Virus 9.0.16160.0, Sophos Anti-Virus 4.61.0, Antiy Labs AVL SDK 2.0.3.7, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified class field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cat | quick_heal | 11.00 |
| antiy | avl_sdk | 2.0.3.7 |
| sophos | sophos_anti-virus | 4.61.0 |
| pandasecurity | panda_antivirus | 10.0.2.7 |
| aladdin | esafe | 7.0.17.0 |
| mcafee | gateway | 2010.1c |
| fortinet | fortinet_antivirus | 4.2.254.0 |
| rising-global | rising_antivirus | 22.83.00.03 |
| mcafee | scan_engine | 5.400.0.1158 |
| kaspersky | kaspersky_anti-virus | 7.0.0.125 |
| f-secure | f-secure_anti-virus | 9.0.16160.0 |
The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| comodo | comodo_antivirus | 7424 |
| alwil | avast_antivirus | 4.8.1351.0 |
| trendmicro | housecall | 9.120.0.1004 |
| mcafee | gateway | 2010.1c |
| avg | avg_anti-virus | 10.0.0.1190 |
| microsoft | security_essentials | 2.0 |
| emsisoft | anti-malware | 5.1.0.1 |
| gdata-software | g_data_antivirus | 21 |
| rising-global | rising_antivirus | 22.83.00.03 |
| f-secure | f-secure_anti-virus | 9.0.16160.0 |
| ikarus | ikarus_virus_utilities_t3_command_line_scanner | 1.1.97.0 |
| aladdin | esafe | 7.0.17.0 |
| eset | nod32_antivirus | 5795 |
| k7computing | antivirus | 9.77.3565 |
| virusbuster | virusbuster | 13.6.151.0 |
| sophos | sophos_anti-virus | 4.61.0 |
| symantec | endpoint_protection | 11.0 |
| clamav | clamav | 0.96.4 |
| nprotect | nprotect_antivirus | 2011-01-17.01 |
| pc_tools | pc_tools_antivirus | 7.0.3.5 |
| kaspersky | kaspersky_anti-virus | 7.0.0.125 |
| norman | norman_antivirus_&_antispyware | 6.06.12 |
| f-prot | f-prot_antivirus | 4.6.2.117 |
| cat | quick_heal | 11.00 |
| authentium | command_antivirus | 5.2.11.5 |
| anti-virus | vba32 | 3.12.14.2 |
| antiy | avl_sdk | 2.0.3.7 |
| bitdefender | bitdefender | 7.2 |
| pandasecurity | panda_antivirus | 10.0.2.7 |
| alwil | avast_antivirus | 5.0.677.0 |
| trendmicro | trend_micro_antivirus | 9.120.0.1004 |
| jiangmin | jiangmin_antivirus | 13.0.900 |
| fortinet | fortinet_antivirus | 4.2.254.0 |
| avira | antivir | 7.11.1.163 |
| ahnlab | v3_internet_security | 2011.01.18.00 |
| mcafee | scan_engine | 5.400.0.1158 |
The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, McAfee Gateway (formerly Webwasher) 2010.1C, Sophos Anti-Virus 4.61.0, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified encoding field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sophos_anti-virus | 4.61.0 |
| symantec | endpoint_protection | 11.0 |
| mcafee | gateway | 2010.1c |
| pc_tools | pc_tools_antivirus | 7.0.3.5 |
| ca | etrust_vet_antivirus | 36.1.8511 |
| rising-global | rising_antivirus | 22.83.00.03 |
| kaspersky | kaspersky_anti-virus | 7.0.0.125 |
| norman | norman_antivirus_&_antispyware | 6.06.12 |
| cat | quick_heal | 11.00 |
| antiy | avl_sdk | 2.0.3.7 |
| pandasecurity | panda_antivirus | 10.0.2.7 |
| aladdin | esafe | 7.0.17.0 |
| fortinet | fortinet_antivirus | 4.2.254.0 |
| mcafee | scan_engine | 5.400.0.1158 |
The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Sophos Anti-Virus 4.61.0, and Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0 allows remote attackers to bypass malware detection via a CAB file with a modified reserved3 field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sophos_anti-virus | 4.61.0 |
| emsisoft | anti-malware | 5.1.0.1 |
| ikarus | ikarus_virus_utilities_t3_command_line_scanner | 1.1.97.0 |
The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sophos_anti-virus | 4.61.0 |
| trendmicro | housecall | 9.120.0.1004 |
| mcafee | gateway | 2010.1c |
| drweb | dr.web_antivirus | 5.0.2.03300 |
| microsoft | security_essentials | 2.0 |
| emsisoft | anti-malware | 5.1.0.1 |
| ca | etrust_vet_antivirus | 36.1.8511 |
| rising-global | rising_antivirus | 22.83.00.03 |
| kaspersky | kaspersky_anti-virus | 7.0.0.125 |
| ikarus | ikarus_virus_utilities_t3_command_line_scanner | 1.1.97.0 |
| antiy | avl_sdk | 2.0.3.7 |
| pandasecurity | panda_antivirus | 10.0.2.7 |
| trendmicro | trend_micro_antivirus | 9.120.0.1004 |
| fortinet | fortinet_antivirus | 4.2.254.0 |
The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a TAR file with an appended ZIP file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sophos_anti-virus | 4.61.0 |
| comodo | comodo_antivirus | 7424 |
| trendmicro | housecall | 9.120.0.1004 |
| symantec | endpoint_protection | 11.0 |
| mcafee | gateway | 2010.1c |
| avg | avg_anti-virus | 10.0.0.1190 |
| emsisoft | anti-malware | 5.1.0.1 |
| rising-global | rising_antivirus | 22.83.00.03 |
| kaspersky | kaspersky_anti-virus | 7.0.0.125 |
| norman | norman_antivirus_&_antispyware | 6.06.12 |
| ikarus | ikarus_virus_utilities_t3_command_line_scanner | 1.1.97.0 |
| f-prot | f-prot_antivirus | 4.6.2.117 |
| cat | quick_heal | 11.00 |
| pandasecurity | panda_antivirus | 10.0.2.7 |
| aladdin | esafe | 7.0.17.0 |
| eset | nod32_antivirus | 5795 |
| trendmicro | trend_micro_antivirus | 9.120.0.1004 |
| jiangmin | jiangmin_antivirus | 13.0.900 |
| fortinet | fortinet_antivirus | 4.2.254.0 |
| mcafee | scan_engine | 5.400.0.1158 |
The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CHM parser implementations.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sophos_anti-virus | 4.61.0 |
| clamav | clamav | 0.96.4 |
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| comodo | comodo_antivirus | 7424 |
| alwil | avast_antivirus | 4.8.1351.0 |
| trendmicro | housecall | 9.120.0.1004 |
| mcafee | gateway | 2010.1c |
| avg | avg_anti-virus | 10.0.0.1190 |
| microsoft | security_essentials | 2.0 |
| emsisoft | anti-malware | 5.1.0.1 |
| gdata-software | g_data_antivirus | 21 |
| rising-global | rising_antivirus | 22.83.00.03 |
| f-secure | f-secure_anti-virus | 9.0.16160.0 |
| ikarus | ikarus_virus_utilities_t3_command_line_scanner | 1.1.97.0 |
| eset | nod32_antivirus | 5795 |
| k7computing | antivirus | 9.77.3565 |
| virusbuster | virusbuster | 13.6.151.0 |
| sophos | sophos_anti-virus | 4.61.0 |
| symantec | endpoint_protection | 11.0 |
| clamav | clamav | 0.96.4 |
| nprotect | nprotect_antivirus | 2011-01-17.01 |
| pc_tools | pc_tools_antivirus | 7.0.3.5 |
| kaspersky | kaspersky_anti-virus | 7.0.0.125 |
| norman | norman_antivirus_&_antispyware | 6.06.12 |
| f-prot | f-prot_antivirus | 4.6.2.117 |
| cat | quick_heal | 11.00 |
| authentium | command_antivirus | 5.2.11.5 |
| anti-virus | vba32 | 3.12.14.2 |
| antiy | avl_sdk | 2.0.3.7 |
| bitdefender | bitdefender | 7.2 |
| pandasecurity | panda_antivirus | 10.0.2.7 |
| alwil | avast_antivirus | 5.0.677.0 |
| trendmicro | trend_micro_antivirus | 9.120.0.1004 |
| jiangmin | jiangmin_antivirus | 13.0.900 |
| fortinet | fortinet_antivirus | 4.2.254.0 |
| avira | antivir | 7.11.1.163 |
| ahnlab | v3_internet_security | 2011.01.18.00 |
| mcafee | scan_engine | 5.400.0.1158 |
The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with multiple compressed streams. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sophos_anti-virus | 4.61.0 |
| trendmicro | housecall | 9.120.0.1004 |
| symantec | endpoint_protection | 11.0 |
| mcafee | gateway | 2010.1c |
| avg | avg_anti-virus | 10.0.0.1190 |
| emsisoft | anti-malware | 5.1.0.1 |
| rising-global | rising_antivirus | 22.83.00.03 |
| kaspersky | kaspersky_anti-virus | 7.0.0.125 |
| f-secure | f-secure_anti-virus | 9.0.16160.0 |
| norman | norman_antivirus_&_antispyware | 6.06.12 |
| ikarus | ikarus_virus_utilities_t3_command_line_scanner | 1.1.97.0 |
| authentium | command_antivirus | 5.2.11.5 |
| anti-virus | vba32 | 3.12.14.2 |
| bitdefender | bitdefender | 7.2 |
| eset | nod32_antivirus | 5795 |
| trendmicro | trend_micro_antivirus | 9.120.0.1004 |
| k7computing | antivirus | 9.77.3565 |
| jiangmin | jiangmin_antivirus | 13.0.900 |
| fortinet | fortinet_antivirus | 4.2.254.0 |
| mcafee | scan_engine | 5.400.0.1158 |
Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | unified_threat_management | 120 |
| sophos | unified_threat_management | 425 |
| sophos | unified_threat_management | 110 |
| sophos | unified_threat_management_software | * |
| astaro | security_gateway_software | * |
| astaro | security_gateway | * |
| sophos | unified_threat_management | 625 |
| sophos | unified_threat_management | 320 |
| sophos | unified_threat_management | 220 |
| sophos | unified_threat_management | 525 |
A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the "DestPos" variable, which allows the attacker to write out of bounds when setting Mem[DestPos].
CVSS 2.0
Severity: HIGH
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| rarlab | unrar | * |
| sophos | threat_detection_engine | * |
Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | web_appliance_firmware | * |
| sophos | web_appliance | - |
Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | web_appliance_firmware | * |
| sophos | web_appliance | - |
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to end-user/ftp_redirect.php, or (4) threat parameter to the Blocked component.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | web_appliance_firmware | * |
| sophos | web_appliance | - |
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | web_appliance_firmware | 3.4.8 |
| sophos | web_appliance_firmware | 3.2.1 |
| sophos | web_appliance_firmware | 3.3.2 |
| sophos | web_appliance_firmware | 3.5.6 |
| sophos | web_appliance_firmware | 3.2.3 |
| sophos | web_appliance_firmware | 3.3.1 |
| sophos | web_appliance_firmware | 3.8.1 |
| sophos | web_appliance_firmware | 3.4.7 |
| sophos | web_appliance_firmware | 3.4.0 |
| sophos | web_appliance_firmware | 3.3.4 |
| sophos | web_appliance_firmware | 3.7.6 |
| sophos | web_appliance_firmware | 3.6.2.4.0 |
| sophos | web_appliance_firmware | 3.6.2.1 |
| sophos | web_appliance_firmware | 3.5.4 |
| sophos | web_appliance_firmware | 3.3.3.1 |
| sophos | web_appliance_firmware | 3.7.2 |
| sophos | web_appliance_firmware | 3.7.4 |
| sophos | web_appliance_firmware | 3.1.0.1 |
| sophos | web_appliance_firmware | 3.2.4 |
| sophos | web_appliance_firmware | 3.5.2 |
| sophos | web_appliance_firmware | 3.1.0 |
| sophos | web_appliance_firmware | 3.4.4 |
| sophos | web_appliance_firmware | 3.1.3 |
| sophos | web_appliance_firmware | 3.7.7 |
| sophos | web_appliance_firmware | 3.6.2.3 |
| sophos | web_appliance_firmware | 3.5.1.2 |
| sophos | web_appliance_firmware | 3.2.7 |
| sophos | web_appliance_firmware | 3.3.0 |
| sophos | web_appliance_firmware | 3.6.4.1 |
| sophos | web_appliance_firmware | 3.2.5 |
| sophos | web_appliance_firmware | 3.4.5 |
| sophos | web_appliance_firmware | 3.7.8.2 |
| sophos | web_appliance_firmware | 3.7.8 |
| sophos | web_appliance_firmware | 3.5.1 |
| sophos | web_appliance_firmware | 3.1.4 |
| sophos | web_appliance_firmware | 3.2.2 |
| sophos | web_appliance_firmware | 3.3.5 |
| sophos | web_appliance_firmware | 3.0.1.1 |
| sophos | web_appliance_firmware | 3.6.2 |
| sophos | web_appliance_firmware | 3.4.6 |
| sophos | web_appliance_firmware | 3.6.2.4.1 |
| sophos | web_appliance_firmware | 3.7.3 |
| sophos | web_appliance_firmware | 3.6.1.1 |
| sophos | web_appliance_firmware | 3.3.6 |
| sophos | web_appliance_firmware | 3.0.5 |
| sophos | web_appliance_firmware | 3.7.8.1 |
| sophos | web_appliance_firmware | 3.0.5.1 |
| sophos | web_appliance_firmware | 3.3.5.1 |
| sophos | web_appliance_firmware | 3.7.0 |
| sophos | web_appliance_firmware | 3.6.4 |
| sophos | web_appliance_firmware | 3.0.2 |
| sophos | web_appliance_firmware | 3.1.2 |
| sophos | web_appliance_firmware | 3.8.0 |
| sophos | web_appliance_firmware | 3.5.3 |
| sophos | web_appliance_firmware | 3.5.0 |
| sophos | web_appliance_firmware | 3.4.3 |
| sophos | web_appliance_firmware | 3.6.4.2 |
| sophos | web_appliance_firmware | 3.3.3 |
| sophos | web_appliance_firmware | 3.7.5 |
| sophos | web_appliance_firmware | 3.2.6 |
| sophos | web_appliance_firmware | * |
| sophos | web_appliance_firmware | 3.4.3.1 |
| sophos | web_appliance_firmware | 3.7.1 |
| sophos | web_appliance_firmware | 3.0.1 |
| sophos | web_appliance_firmware | 3.5.5 |
| sophos | web_appliance_firmware | 3.3.6.1 |
| sophos | web_appliance_firmware | 3.6.1 |
| sophos | web_appliance_firmware | 3.4.2 |
| sophos | web_appliance_firmware | 3.5.1.1 |
| sophos | web_appliance_firmware | 3.0.4 |
| sophos | web_appliance_firmware | 3.0.3 |
| sophos | web_appliance_firmware | 3.6.3 |
| sophos | web_appliance_firmware | 3.0.0 |
| sophos | web_appliance_firmware | 3.2.2.1 |
| sophos | web_appliance_firmware | 3.4.1 |
| sophos | web_appliance_firmware | 3.1.1 |
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | web_appliance | 3.4.3.1 |
| sophos | web_appliance | 3.3.5 |
| sophos | web_appliance | 3.2.1 |
| sophos | web_appliance | 3.7.8 |
| sophos | web_appliance | 3.7.6 |
| sophos | web_appliance | 3.6.1.1 |
| sophos | web_appliance | 3.6.2.3 |
| sophos | web_appliance | 3.3.6 |
| sophos | web_appliance | 3.5.0 |
| sophos | web_appliance | 3.6.1 |
| sophos | web_appliance | 3.0.4 |
| sophos | web_appliance | 3.6.4.2 |
| sophos | web_appliance | 3.4.3 |
| sophos | web_appliance | 3.7.3 |
| sophos | web_appliance | 3.7.0 |
| sophos | web_appliance | 3.2.2.1 |
| sophos | web_appliance | 3.3.1 |
| sophos | web_appliance | 3.5.4 |
| sophos | web_appliance | 3.2.4 |
| sophos | web_appliance | 3.7.8.2 |
| sophos | web_appliance | 3.4.5 |
| sophos | web_appliance | 3.6.4.1 |
| sophos | web_appliance | 3.0.5 |
| sophos | web_appliance | 3.6.2.4.1 |
| sophos | web_appliance | * |
| sophos | web_appliance | 3.0.3 |
| sophos | web_appliance | 3.7.5 |
| sophos | web_appliance | 3.7.2 |
| sophos | web_appliance | 3.4.8 |
| sophos | web_appliance | 3.0.1 |
| sophos | web_appliance | 3.5.6 |
| sophos | web_appliance | 3.6.2.1 |
| sophos | web_appliance | 3.7.4 |
| sophos | web_appliance | 3.5.1.1 |
| sophos | web_appliance | 3.1.3 |
| sophos | web_appliance | 3.4.6 |
| sophos | web_appliance | 3.0.1.1 |
| sophos | web_appliance | 3.3.0 |
| sophos | web_appliance | 3.6.3 |
| sophos | web_appliance | 3.1.2 |
| sophos | web_appliance | 3.4.0 |
| sophos | web_appliance | 3.4.2 |
| sophos | web_appliance | 3.3.5.1 |
| sophos | web_appliance | 3.4.4 |
| sophos | web_appliance | 3.5.1 |
| sophos | web_appliance | 3.5.2 |
| sophos | web_appliance | 3.1.0 |
| sophos | web_appliance | 3.8.0 |
| sophos | web_appliance | 3.6.2 |
| sophos | web_appliance | 3.0.0 |
| sophos | web_appliance | 3.7.7 |
| sophos | web_appliance | 3.0.5.1 |
| sophos | web_appliance | 3.3.4 |
| sophos | web_appliance | 3.2.6 |
| sophos | web_appliance | 3.4.7 |
| sophos | web_appliance | 3.6.2.4.0 |
| sophos | web_appliance | 3.6.4 |
| sophos | web_appliance | 3.3.3 |
| sophos | web_appliance | 3.1.4 |
| sophos | web_appliance | 3.3.2 |
| sophos | web_appliance | 3.3.3.1 |
| sophos | web_appliance | 3.4.1 |
| sophos | web_appliance | 3.5.3 |
| sophos | web_appliance | 3.7.1 |
| sophos | web_appliance | 3.2.3 |
| sophos | web_appliance | 3.3.6.1 |
| sophos | web_appliance | 3.5.5 |
| sophos | web_appliance | 3.2.7 |
| sophos | web_appliance | 3.7.8.1 |
| sophos | web_appliance | 3.8.1 |
| sophos | web_appliance | 3.1.0.1 |
| sophos | web_appliance | 3.2.2 |
| sophos | web_appliance | 3.1.1 |
| sophos | web_appliance | 3.0.2 |
| sophos | web_appliance | 3.2.5 |
| sophos | web_appliance | 3.5.1.2 |
Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | unified_threat_management_software | 9.007 |
Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9.7.x before 9.7.9, 10.0.x before 10.0.11, and 10.3.x before 10.3.1 does not set an ACL for certain global and session objects, which allows local users to bypass anti-virus protection, cause a denial of service (resource consumption, CPU consumption, and eventual crash) or spoof "ready for update" messages by performing certain operations on mutexes or events including (1) DataUpdateRequest, (2) MmfMutexSAV-****, (3) MmfMutexSAV-Info, (4) ReadyForUpdateSAV-****, (5) ReadyForUpdateSAV-Info, (6) SAV-****, (7) SAV-Info, (8) StateChange, (9) SuspendedSAV-****, (10) SuspendedSAV-Info, (11) UpdateComplete, (12) UpdateMutex, (13) UpdateRequest, or (14) SophosALMonSessionInstance, as demonstrated by triggering a ReadyForUpdateSAV event and modifying the UpdateComplete, UpdateMutex, and UpdateRequest objects.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | scanning_engine | * |
| sophos | sophos_anti-virus | 10.0.11 |
Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | enterprise_console | * |
| sophos | enterprise_console | 5.2 |
| sophos | enterprise_console | 5.2.1 |
| sophos | enterprise_console | 5.1 |
Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1) newListList:ExcludeFileOnExpression, (2) newListList:ExcludeFilesystems, or (3) newListList:ExcludeMountPaths parameter to exclusion/configure or (4) text:EmailServer or (5) newListList:Email parameter to notification/configure.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | anti-virus | * |
Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | unified_threat_management_software | 9.007 |
| sophos | unified_threat_management_software | 9.107 |
| sophos | unified_threat_management | 120 |
| sophos | unified_threat_management | 425 |
| sophos | unified_threat_management | 110 |
| sophos | unified_threat_management_software | * |
| sophos | unified_threat_management | 625 |
| sophos | unified_threat_management | 320 |
| sophos | unified_threat_management | 220 |
| sophos | unified_threat_management_software | 8.3 |
| sophos | unified_threat_management | 525 |
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | web_appliance_firmware | 3.4.8 |
| sophos | web_appliance_firmware | 3.2.1 |
| sophos | web_appliance_firmware | 3.3.2 |
| sophos | web_appliance_firmware | 3.5.6 |
| sophos | web_appliance_firmware | 3.2.3 |
| sophos | web_appliance_firmware | 3.3.1 |
| sophos | web_appliance_firmware | 3.8.1 |
| sophos | web_appliance_firmware | 3.4.7 |
| sophos | web_appliance_firmware | 3.4.0 |
| sophos | web_appliance_firmware | 3.3.4 |
| sophos | web_appliance_firmware | 3.7.6 |
| sophos | web_appliance_firmware | 3.6.2.4.0 |
| sophos | web_appliance_firmware | 3.6.2.1 |
| sophos | web_appliance_firmware | 3.5.4 |
| sophos | web_appliance_firmware | 3.3.3.1 |
| sophos | web_appliance_firmware | 3.7.2 |
| sophos | web_appliance_firmware | 3.7.4 |
| sophos | web_appliance_firmware | 3.1.0.1 |
| sophos | web_appliance_firmware | 3.2.4 |
| sophos | web_appliance_firmware | 3.5.2 |
| sophos | web_appliance_firmware | 3.1.0 |
| sophos | web_appliance_firmware | 3.4.4 |
| sophos | web_appliance | - |
| sophos | web_appliance_firmware | 3.1.3 |
| sophos | web_appliance_firmware | 3.7.7 |
| sophos | web_appliance_firmware | 3.6.2.3 |
| sophos | web_appliance_firmware | 3.5.1.2 |
| sophos | web_appliance_firmware | 3.2.7 |
| sophos | web_appliance_firmware | 3.3.0 |
| sophos | web_appliance_firmware | 3.6.4.1 |
| sophos | web_appliance_firmware | 3.7.9.1 |
| sophos | web_appliance_firmware | 3.2.5 |
| sophos | web_appliance_firmware | 3.4.5 |
| sophos | web_appliance_firmware | 3.7.8.2 |
| sophos | web_appliance_firmware | 3.7.8 |
| sophos | web_appliance_firmware | 3.7.9 |
| sophos | web_appliance_firmware | 3.5.1 |
| sophos | web_appliance_firmware | 3.1.4 |
| sophos | web_appliance_firmware | 3.2.2 |
| sophos | web_appliance_firmware | 3.3.5 |
| sophos | web_appliance_firmware | 3.0.1.1 |
| sophos | web_appliance_firmware | 3.6.2 |
| sophos | web_appliance_firmware | 3.4.6 |
| sophos | web_appliance_firmware | 3.6.2.4.1 |
| sophos | web_appliance_firmware | 3.7.3 |
| sophos | web_appliance_firmware | 3.6.1.1 |
| sophos | web_appliance_firmware | 3.3.6 |
| sophos | web_appliance_firmware | 3.0.5 |
| sophos | web_appliance_firmware | 3.7.8.1 |
| sophos | web_appliance_firmware | 3.0.5.1 |
| sophos | web_appliance_firmware | 3.3.5.1 |
| sophos | web_appliance_firmware | 3.7.0 |
| sophos | web_appliance_firmware | 3.6.4 |
| sophos | web_appliance_firmware | 3.0.2 |
| sophos | web_appliance_firmware | 3.1.2 |
| sophos | web_appliance_firmware | 3.8.0 |
| sophos | web_appliance_firmware | 3.5.3 |
| sophos | web_appliance_firmware | 3.5.0 |
| sophos | web_appliance_firmware | 3.4.3 |
| sophos | web_appliance_firmware | 3.6.4.2 |
| sophos | web_appliance_firmware | 3.3.3 |
| sophos | web_appliance_firmware | 3.7.5 |
| sophos | web_appliance_firmware | 3.2.6 |
| sophos | web_appliance_firmware | * |
| sophos | web_appliance_firmware | 3.4.3.1 |
| sophos | web_appliance_firmware | 3.7.1 |
| sophos | web_appliance_firmware | 3.0.1 |
| sophos | web_appliance_firmware | 3.5.5 |
| sophos | web_appliance_firmware | 3.3.6.1 |
| sophos | web_appliance_firmware | 3.6.1 |
| sophos | web_appliance_firmware | 3.4.2 |
| sophos | web_appliance_firmware | 3.5.1.1 |
| sophos | web_appliance_firmware | 3.0.4 |
| sophos | web_appliance_firmware | 3.0.3 |
| sophos | web_appliance_firmware | 3.6.3 |
| sophos | web_appliance_firmware | 3.0.0 |
| sophos | web_appliance_firmware | 3.2.2.1 |
| sophos | web_appliance_firmware | 3.4.1 |
| sophos | web_appliance_firmware | 3.1.1 |
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | web_appliance_firmware | 3.4.8 |
| sophos | web_appliance_firmware | 3.2.1 |
| sophos | web_appliance_firmware | 3.3.2 |
| sophos | web_appliance_firmware | 3.5.6 |
| sophos | web_appliance_firmware | 3.2.3 |
| sophos | web_appliance_firmware | 3.3.1 |
| sophos | web_appliance_firmware | 3.8.1 |
| sophos | web_appliance_firmware | 3.4.7 |
| sophos | web_appliance_firmware | 3.4.0 |
| sophos | web_appliance_firmware | 3.3.4 |
| sophos | web_appliance_firmware | 3.7.6 |
| sophos | web_appliance_firmware | 3.6.2.4.0 |
| sophos | web_appliance_firmware | 3.6.2.1 |
| sophos | web_appliance_firmware | 3.5.4 |
| sophos | web_appliance_firmware | 3.3.3.1 |
| sophos | web_appliance_firmware | 3.7.2 |
| sophos | web_appliance_firmware | 3.7.4 |
| sophos | web_appliance_firmware | 3.1.0.1 |
| sophos | web_appliance_firmware | 3.2.4 |
| sophos | web_appliance_firmware | 3.5.2 |
| sophos | web_appliance_firmware | 3.1.0 |
| sophos | web_appliance_firmware | 3.4.4 |
| sophos | web_appliance | - |
| sophos | web_appliance_firmware | 3.1.3 |
| sophos | web_appliance_firmware | 3.7.7 |
| sophos | web_appliance_firmware | 3.6.2.3 |
| sophos | web_appliance_firmware | 3.5.1.2 |
| sophos | web_appliance_firmware | 3.2.7 |
| sophos | web_appliance_firmware | 3.3.0 |
| sophos | web_appliance_firmware | 3.6.4.1 |
| sophos | web_appliance_firmware | 3.7.9.1 |
| sophos | web_appliance_firmware | 3.2.5 |
| sophos | web_appliance_firmware | 3.4.5 |
| sophos | web_appliance_firmware | 3.7.8.2 |
| sophos | web_appliance_firmware | 3.7.8 |
| sophos | web_appliance_firmware | 3.7.9 |
| sophos | web_appliance_firmware | 3.5.1 |
| sophos | web_appliance_firmware | 3.1.4 |
| sophos | web_appliance_firmware | 3.2.2 |
| sophos | web_appliance_firmware | 3.3.5 |
| sophos | web_appliance_firmware | 3.0.1.1 |
| sophos | web_appliance_firmware | 3.6.2 |
| sophos | web_appliance_firmware | 3.4.6 |
| sophos | web_appliance_firmware | 3.6.2.4.1 |
| sophos | web_appliance_firmware | 3.7.3 |
| sophos | web_appliance_firmware | 3.6.1.1 |
| sophos | web_appliance_firmware | 3.3.6 |
| sophos | web_appliance_firmware | 3.0.5 |
| sophos | web_appliance_firmware | 3.7.8.1 |
| sophos | web_appliance_firmware | 3.0.5.1 |
| sophos | web_appliance_firmware | 3.3.5.1 |
| sophos | web_appliance_firmware | 3.7.0 |
| sophos | web_appliance_firmware | 3.6.4 |
| sophos | web_appliance_firmware | 3.0.2 |
| sophos | web_appliance_firmware | 3.1.2 |
| sophos | web_appliance_firmware | 3.8.0 |
| sophos | web_appliance_firmware | 3.5.3 |
| sophos | web_appliance_firmware | 3.5.0 |
| sophos | web_appliance_firmware | 3.4.3 |
| sophos | web_appliance_firmware | 3.6.4.2 |
| sophos | web_appliance_firmware | 3.3.3 |
| sophos | web_appliance_firmware | 3.7.5 |
| sophos | web_appliance_firmware | 3.2.6 |
| sophos | web_appliance_firmware | * |
| sophos | web_appliance_firmware | 3.4.3.1 |
| sophos | web_appliance_firmware | 3.7.1 |
| sophos | web_appliance_firmware | 3.0.1 |
| sophos | web_appliance_firmware | 3.5.5 |
| sophos | web_appliance_firmware | 3.3.6.1 |
| sophos | web_appliance_firmware | 3.6.1 |
| sophos | web_appliance_firmware | 3.4.2 |
| sophos | web_appliance_firmware | 3.5.1.1 |
| sophos | web_appliance_firmware | 3.0.4 |
| sophos | web_appliance_firmware | 3.0.3 |
| sophos | web_appliance_firmware | 3.6.3 |
| sophos | web_appliance_firmware | 3.0.0 |
| sophos | web_appliance_firmware | 3.2.2.1 |
| sophos | web_appliance_firmware | 3.4.1 |
| sophos | web_appliance_firmware | 3.1.1 |
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.11.1 |
| f5 | big-ip_application_acceleration_manager | 12.0.0 |
| redhat | enterprise_linux_server_eus | 7.2 |
| f5 | big-ip_advanced_firewall_manager | 12.0.0 |
| gnu | glibc | 2.16 |
| gnu | glibc | 2.19 |
| gnu | glibc | 2.20 |
| gnu | glibc | 2.11.3 |
| debian | debian_linux | 8.0 |
| suse | linux_enterprise_server | 11.0 |
| gnu | glibc | 2.18 |
| gnu | glibc | 2.10.1 |
| f5 | big-ip_local_traffic_manager | 12.0.0 |
| canonical | ubuntu_linux | 14.04 |
| gnu | glibc | 2.17 |
| sophos | unified_threat_management_software | 9.319 |
| hp | server_migration_pack | 7.5 |
| f5 | big-ip_application_security_manager | 12.0.0 |
| f5 | big-ip_domain_name_system | 12.0.0 |
| suse | linux_enterprise_debuginfo | 11.0 |
| gnu | glibc | 2.11 |
| sophos | unified_threat_management_software | 9.355 |
| gnu | glibc | 2.12.2 |
| gnu | glibc | 2.12.1 |
| canonical | ubuntu_linux | 12.04 |
| oracle | exalogic_infrastructure | 2.0 |
| suse | linux_enterprise_desktop | 11.0 |
| f5 | big-ip_analytics | 12.0.0 |
| f5 | big-ip_policy_enforcement_manager | 12.0.0 |
| oracle | fujitsu_m10_firmware | * |
| suse | suse_linux_enterprise_server | 12 |
| gnu | glibc | 2.10 |
| gnu | glibc | 2.21 |
| redhat | enterprise_linux_desktop | 7.0 |
| canonical | ubuntu_linux | 15.10 |
| opensuse | opensuse | 13.2 |
| redhat | enterprise_linux_hpc_node_eus | 7.2 |
| hp | helion_openstack | 1.1.1 |
| redhat | enterprise_linux_hpc_node | 7.0 |
| suse | linux_enterprise_server | 12 |
| hp | helion_openstack | 2.0.0 |
| redhat | enterprise_linux_server | 7.0 |
| f5 | big-ip_link_controller | 12.0.0 |
| gnu | glibc | 2.11.2 |
| gnu | glibc | 2.13 |
| gnu | glibc | 2.14.1 |
| gnu | glibc | 2.12 |
| f5 | big-ip_access_policy_manager | 12.0.0 |
| suse | linux_enterprise_software_development_kit | 11.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server_aus | 7.2 |
| suse | linux_enterprise_desktop | 12 |
| suse | linux_enterprise_software_development_kit | 12 |
| oracle | exalogic_infrastructure | 1.0 |
| gnu | glibc | 2.15 |
| gnu | glibc | 2.22 |
| gnu | glibc | 2.9 |
| gnu | glibc | 2.14 |
| hp | helion_openstack | 2.1.0 |
ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 15.04 |
| isc | dhcp | 4.1.1 |
| isc | dhcp | 4.3.0 |
| isc | dhcp | 4.3.2 |
| isc | dhcp | 4.2.4 |
| debian | debian_linux | 9.0 |
| isc | dhcp | 4.3.3 |
| isc | dhcp | 4.0.2 |
| isc | dhcp | 4.0.0 |
| isc | dhcp | 4.2.8 |
| isc | dhcp | 4.2.3 |
| isc | dhcp | 4.2.6 |
| canonical | ubuntu_linux | 15.10 |
| isc | dhcp | 4.2.5 |
| isc | dhcp | 4.1-esv |
| debian | debian_linux | 7.0 |
| isc | dhcp | 4.2.2 |
| isc | dhcp | 4.2.7 |
| isc | dhcp | 4.3.1 |
| isc | dhcp | 4.0.3 |
| isc | dhcp | 4.0.1 |
| debian | debian_linux | 8.0 |
| isc | dhcp | 4.2.1 |
| isc | dhcp | 4.2.0 |
| sophos | unified_threat_management_up2date | * |
| canonical | ubuntu_linux | 14.04 |
| isc | dhcp | 4.1.0 |
| isc | dhcp | 4.1.2 |
| canonical | ubuntu_linux | 12.04 |
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | unified_threat_management_software | 9.353 |
| openbsd | openssh | 6.4 |
| openbsd | openssh | 5.5 |
| openbsd | openssh | 5.4 |
| hp | remote_device_access_virtual_customer_access_system | * |
| openbsd | openssh | 5.9 |
| openbsd | openssh | 6.3 |
| openbsd | openssh | 6.0 |
| openbsd | openssh | 6.8 |
| openbsd | openssh | 6.6 |
| openbsd | openssh | 6.9 |
| openbsd | openssh | 6.1 |
| openbsd | openssh | 6.2 |
| openbsd | openssh | 5.0 |
| openbsd | openssh | 5.3 |
| openbsd | openssh | 5.7 |
| oracle | linux | 7 |
| openbsd | openssh | 6.5 |
| openbsd | openssh | 7.0 |
| openbsd | openssh | 5.2 |
| apple | mac_os_x | * |
| openbsd | openssh | 5.1 |
| sophos | unified_threat_management_software | 9.318 |
| openbsd | openssh | 5.8 |
| oracle | solaris | 11.3 |
| openbsd | openssh | 6.7 |
| openbsd | openssh | 7.1 |
| openbsd | openssh | 5.6 |
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openbsd | openssh | 6.2 |
| sophos | unified_threat_management_software | 9.353 |
| openbsd | openssh | 6.4 |
| openbsd | openssh | 5.5 |
| openbsd | openssh | 5.7 |
| oracle | linux | 7 |
| openbsd | openssh | 5.4 |
| openbsd | openssh | 6.5 |
| openbsd | openssh | 7.0 |
| apple | mac_os_x | * |
| openbsd | openssh | 5.9 |
| openbsd | openssh | 6.3 |
| openbsd | openssh | 5.8 |
| openbsd | openssh | 6.0 |
| openbsd | openssh | 6.8 |
| openbsd | openssh | 6.6 |
| openbsd | openssh | 6.9 |
| oracle | solaris | 11.3 |
| openbsd | openssh | 6.7 |
| openbsd | openssh | 7.1 |
| hp | virtual_customer_access_system | * |
| openbsd | openssh | 5.6 |
| openbsd | openssh | 6.1 |
Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | unified_threat_management_software | * |
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35iNG UTM appliance with firmware 10.6.2 Build 378 allow remote attackers to inject arbitrary web script or HTML via the (1) ipFamily parameter to corporate/webpages/trafficdiscovery/LiveConnections.jsp; the (2) ipFamily, (3) applicationname, or (4) username parameter to corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp; or the (5) X-Forwarded-For HTTP header.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | cyberoam_cr100ing_utm_firmware | 10.6.3_mr-1_build_503 |
| sophos | cyberoam_cr35ing_utm_firmware | 10.6.2_build_378 |
| sophos | cyberoam_cr35ing_utm_firmware | 10.6.2_mr-1_build_383 |
Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | puremessage | * |
Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the resource, aka an Open Reverse Proxy vulnerability.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-254,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | mobile_control_eas_proxy | * |
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | unified_threat_management_software | * |
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | unified_threat_management_software | * |
Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | cyberoam_cr25ing_utm_firmware | 10.6.2 |
Multiple security flaws exists in InvProtectDrv.sys which is a part of Invincea Dell Protected Workspace 5.1.1-22303. Weak restrictions on the driver communication channel and additional insufficient checks allow any application to turn off some of the protection mechanisms provided by the Invincea product.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-275,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | invincea_dell_protected_workspace | 5.1.1-22303 |
An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corruption, which could result in privilege escalation. An attacker needs to execute a special application locally to trigger this vulnerability.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | invincea-x | 6.1.3-24058 |
The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP addresses from accessing the device. The device doesn't properly escape the information passed in the variables 'unblockip' and 'blockip' before calling the shell_exec() function which allows for system commands to be injected into the device. The code erroneously suggests that the information handled is protected by utilizing the variable name 'escapedips' - however this was not the case. The Sophos ID is NSWA-1258.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | web_appliance | 4.2.1.3 |
The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occur in MgrDiagnosticTools.php (/controllers/MgrDiagnosticTools.php), in the component responsible for performing diagnostic tests with the UNIX wget utility. The application doesn't properly escape the information passed in the 'url' variable before calling the executeCommand class function ($this->dtObj->executeCommand). This function calls exec() with unsanitized user input allowing for remote command injection. The page that contains the vulnerabilities, /controllers/MgrDiagnosticTools.php, is accessed by a built-in command answered by the administrative interface. The command that calls to that vulnerable page (passed in the 'section' parameter) is: 'configuration'. Exploitation of this vulnerability yields shell access to the remote machine under the 'spiderman' user account.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | web_appliance | 4.2.1.3 |
An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of a request to the "LiveConnectionDetail.jsp" application. GET parameters "applicationname" and "username" are improperly sanitized allowing an attacker to inject arbitrary JavaScript into the page. This can be abused by an attacker to perform a cross-site scripting attack on the user. A vulnerable URI is /corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | cyberoam_firmware | * |
The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure Entry Client" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user's computer. This is related to SIC_V11.04-64.exe (Sophos), NCP_EntryCl_Windows_x86_1004_31799.exe (NCP), and ncpmon.exe (both Sophos and NCP). The vulnerability exists because: (1) the VPN client requests update metadata over an insecure HTTP connection; and (2) the client software does not check if the software update is signed before running it.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-345,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ncp-e | ncp_secure_entry_client | 10.11 |
| sophos | ipsec_client | 11.04 |
An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page (Control Center -> Log Viewer -> in the filter option "Web Server Protection") in the webadmin interface, and execute any action available to the webadmin of the firewall (e.g., creating a new user, enabling SSH, or adding an SSH authorized key). The WAF log page will execute the "User-Agent" parameter in the HTTP POST request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sfos | 17.0 |
| sophos | sfos | * |
A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to crash the OS via a malformed IOCTL call.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | hitmanpro | * |
A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate privileges via a malformed IOCTL call.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | hitmanpro | * |
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | web_appliance | * |
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | web_appliance | * |
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | web_appliance | * |
Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | astaro_security_gateway_firmware | 7.500 |
| sophos | astaro_security_gateway_firmware | 7.506 |
In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-384,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | web_appliance | * |
In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some critical information about the machine such as nt!ExpPoolQuotaCookie.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | hitmanpro | * |
The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | web_appliance | * |
SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sfos | 17.0.8 |
A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sfos | 17.1 |
| sophos | sfos | * |
A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sfos | 17.0 |
| sophos | sfos | 17.0.8 |
| sophos | sfos | 17.1 |
| sophos | sfos | * |
| sophos | sfos | 16.5 |
An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.
CVSS 2.0
Severity: LOW
Problem Type: CWE-908,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | hitmanpro.alert | 3.7.6.744 |
An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to write data under controlled by an attacker address, resulting in memory corruption. An attacker can send IRP request to trigger this vulnerability.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-123,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | hitmanpro.alert | 3.7.6.744 |
Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key.
CVSS 2.0
Severity: LOW
Problem Type: CWE-254,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | endpoint_protection | 10.7 |
In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). A person can change this DLL in a local way, or with a remote connection, to a malicious DLL with the same name -- and when the product is used, this malicious DLL will be loaded, aka a DLL Hijacking attack.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sophos_tester | 3.2.0.7 |
In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. This argument is a memory address: if a caller passes a NULL pointer or a random invalid address, the driver will cause a Blue Screen of Death. If a program or malware does this at boot time, it can cause a persistent denial of service on the machine.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sophos_tester | 3.2.0.7 |
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206040. By crafting an input buffer we can control the execution path to the point where the constant DWORD 0 will be written to a user-controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | safeguard_enterprise_client | 6.00.1 |
| sophos | safeguard_enterprise_client | 5.60.3 |
| sophos | safeguard_easy_device_encryption_client | 6.10 |
| sophos | safeguard_lan_crypt_client | 3.90.1 |
| sophos | safeguard_easy_device_encryption_client | 6.00 |
| sophos | safeguard_lan_crypt_client | 3.95.1 |
| sophos | safeguard_enterprise_client | 6.10 |
| sophos | safeguard_easy_device_encryption_client | 7.00 |
| sophos | safeguard_enterprise_client | 8.00 |
| sophos | safeguard_enterprise_client | 7.00 |
| sophos | safeguard_enterprise_client | 6.00 |
| sophos | safeguard_lan_crypt_client | 3.90.2 |
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202298. By crafting an input buffer we can control the execution path to the point where the nt!memset function is called to zero out contents of a user-controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | safeguard_enterprise_client | 6.00.1 |
| sophos | safeguard_enterprise_client | 5.60.3 |
| sophos | safeguard_easy_device_encryption_client | 6.10 |
| sophos | safeguard_lan_crypt_client | 3.90.1 |
| sophos | safeguard_easy_device_encryption_client | 6.00 |
| sophos | safeguard_lan_crypt_client | 3.95.1 |
| sophos | safeguard_enterprise_client | 6.10 |
| sophos | safeguard_easy_device_encryption_client | 7.00 |
| sophos | safeguard_enterprise_client | 8.00 |
| sophos | safeguard_enterprise_client | 7.00 |
| sophos | safeguard_enterprise_client | 6.00 |
| sophos | safeguard_lan_crypt_client | 3.90.2 |
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206024. By crafting an input buffer we can control the execution path to the point where a global variable will be written to a user controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | safeguard_enterprise_client | 6.00.1 |
| sophos | safeguard_enterprise_client | 5.60.3 |
| sophos | safeguard_easy_device_encryption_client | 6.10 |
| sophos | safeguard_lan_crypt_client | 3.90.1 |
| sophos | safeguard_easy_device_encryption_client | 6.00 |
| sophos | safeguard_lan_crypt_client | 3.95.1 |
| sophos | safeguard_enterprise_client | 6.10 |
| sophos | safeguard_easy_device_encryption_client | 7.00 |
| sophos | safeguard_enterprise_client | 8.00 |
| sophos | safeguard_enterprise_client | 7.00 |
| sophos | safeguard_enterprise_client | 6.00 |
| sophos | safeguard_lan_crypt_client | 3.90.2 |
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via multiple IOCTLs, e.g., 0x8810200B, 0x8810200F, 0x8810201B, 0x8810201F, 0x8810202B, 0x8810202F, 0x8810203F, 0x8810204B, 0x88102003, 0x88102007, 0x88102013, 0x88102017, 0x88102027, 0x88102033, 0x88102037, 0x88102043, and 0x88102047. When some conditions in the user-controlled input buffer are not met, the driver writes an error code (0x2000001A) to a user-controlled address. Also, note that all the aforementioned IOCTLs use transfer type METHOD_NEITHER, which means that the I/O manager does not validate any of the supplied pointers and buffer sizes. So, even though the driver checks for input/output buffer sizes, it doesn't validate if the pointers to those buffers are actually valid. So, we can supply a pointer for the output buffer to a kernel address space address, and the error code will be written there. We can take advantage of this condition to modify the SEP_TOKEN_PRIVILEGES structure of the Token object belonging to the exploit process and grant SE_DEBUG_NAME privilege. This allows the exploit process to interact with higher privileged processes running as SYSTEM and execute code in their security context.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | safeguard_enterprise_client | 6.00.1 |
| sophos | safeguard_enterprise_client | 5.60.3 |
| sophos | safeguard_easy_device_encryption_client | 6.10 |
| sophos | safeguard_lan_crypt_client | 3.90.1 |
| sophos | safeguard_easy_device_encryption_client | 6.00 |
| sophos | safeguard_lan_crypt_client | 3.95.1 |
| sophos | safeguard_enterprise_client | 6.10 |
| sophos | safeguard_easy_device_encryption_client | 7.00 |
| sophos | safeguard_enterprise_client | 8.00 |
| sophos | safeguard_enterprise_client | 7.00 |
| sophos | safeguard_enterprise_client | 6.00 |
| sophos | safeguard_lan_crypt_client | 3.90.2 |
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202014. By crafting an input buffer we can control the execution path to the point where the constant 0xFFFFFFF will be written to a user-controlled address. We can take advantage of this condition to modify the SEP_TOKEN_PRIVILEGES structure of the Token object belonging to the exploit process and grant SE_DEBUG_NAME privilege. This allows the exploit process to interact with higher privileged processes running as SYSTEM and execute code in their security context.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | safeguard_enterprise_client | 6.00.1 |
| sophos | safeguard_enterprise_client | 5.60.3 |
| sophos | safeguard_easy_device_encryption_client | 6.10 |
| sophos | safeguard_lan_crypt_client | 3.90.1 |
| sophos | safeguard_easy_device_encryption_client | 6.00 |
| sophos | safeguard_lan_crypt_client | 3.95.1 |
| sophos | safeguard_enterprise_client | 6.10 |
| sophos | safeguard_easy_device_encryption_client | 7.00 |
| sophos | safeguard_enterprise_client | 8.00 |
| sophos | safeguard_enterprise_client | 7.00 |
| sophos | safeguard_enterprise_client | 6.00 |
| sophos | safeguard_lan_crypt_client | 3.90.2 |
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x8020601C. By crafting an input buffer we can control the execution path to the point where a global variable will be written to a user controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | safeguard_enterprise_client | 6.00.1 |
| sophos | safeguard_enterprise_client | 5.60.3 |
| sophos | safeguard_easy_device_encryption_client | 6.10 |
| sophos | safeguard_lan_crypt_client | 3.90.1 |
| sophos | safeguard_easy_device_encryption_client | 6.00 |
| sophos | safeguard_lan_crypt_client | 3.95.1 |
| sophos | safeguard_enterprise_client | 6.10 |
| sophos | safeguard_easy_device_encryption_client | 7.00 |
| sophos | safeguard_enterprise_client | 8.00 |
| sophos | safeguard_enterprise_client | 7.00 |
| sophos | safeguard_enterprise_client | 6.00 |
| sophos | safeguard_lan_crypt_client | 3.90.2 |
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x802022E0. By crafting an input buffer we can control the execution path to the point where the constant 0x12 will be written to a user-controlled address. We can take advantage of this condition to modify the SEP_TOKEN_PRIVILEGES structure of the Token object belonging to the exploit process and grant SE_DEBUG_NAME privilege. This allows the exploit process to interact with higher privileged processes running as SYSTEM and execute code in their security context.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | safeguard_enterprise_client | 6.00.1 |
| sophos | safeguard_enterprise_client | 5.60.3 |
| sophos | safeguard_easy_device_encryption_client | 6.10 |
| sophos | safeguard_lan_crypt_client | 3.90.1 |
| sophos | safeguard_easy_device_encryption_client | 6.00 |
| sophos | safeguard_lan_crypt_client | 3.95.1 |
| sophos | safeguard_enterprise_client | 6.10 |
| sophos | safeguard_easy_device_encryption_client | 7.00 |
| sophos | safeguard_enterprise_client | 8.00 |
| sophos | safeguard_enterprise_client | 7.00 |
| sophos | safeguard_enterprise_client | 6.00 |
| sophos | safeguard_lan_crypt_client | 3.90.2 |
Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches.
CVSS 2.0
Severity: LOW
Problem Type: CWE-916,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | endpoint_protection | 10.7 |
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | cyberoamos | 10.6.6 |
| sophos | cyberoamos | * |
Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | anti-virus_for_sophos_central | * |
| sophos | anti-virus_for_sophos_home | * |
A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sfos | * |
| sophos | sfos | 17.5 |
A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords)
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sfos | 17.0 |
| sophos | sfos | 17.1 |
| sophos | sfos | 18.0 |
| sophos | sfos | 17.5 |
The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sophos_secure_email | * |
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | xg_firewall_firmware | * |
| sophos | xg_firewall_firmware | 17.5 |
A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions >= 17.0 have received a hotfix.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | xg_firewall_firmware | * |
| sophos | xg_firewall_firmware | 17.5 |
| sophos | xg_firewall_firmware | 18.0 |
Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | xg_firewall_firmware | 17.5 |
| sophos | xg_firewall_firmware | 18.0 |
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | unified_threat_management | * |
| sophos | unified_threat_management | 9.705 |
| sophos | unified_threat_management | 9.511 |
| sophos | unified_threat_management | 9.607 |
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | cyberoamos | * |
A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@sophos.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | web_appliance | * |
The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protection products because the virus would be detected upon extraction.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-436,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | cloud_optix | * |
| sophos | endpoint_protection | * |
| sophos | mobile | * |
| sophos | intercept_x_for_server | * |
| sophos | secure_web_gateway | * |
| sophos | intercept_x_endpoint | * |
Sophos HitmanPro.Alert before build 861 allows local elevation of privilege.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | hitmanpro.alert | * |
In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | home | * |
| sophos | intercept_x | * |
A malicious website could execute code remotely in Sophos Connect Client before version 2.1.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | connect | * |
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.9 | LOW | CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 0.3 | 3.6 |
| security-alert@sophos.com | 3.9 | LOW | CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 0.3 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-922,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | authenticator | * |
| sophos | intercept_x | * |
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.4 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H | 1.7 | 6.0 |
| security-alert@sophos.com | 6.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | firewall_firmware | * |
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@sophos.com | 8.4 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H | 1.7 | 6.0 |
| nvd@nist.gov | 8.4 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H | 1.7 | 6.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | firewall_firmware | * |
A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention before version 3.8.3.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@sophos.com | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 0.8 | 3.6 |
| nvd@nist.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 0.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-428,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | exploit_prevention | * |
| sophos | intercept_x_for_server | * |
| sophos | intercept_x_endpoint | * |
A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | hitmanpro.alert | * |
A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N | 0.8 | 5.2 |
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | hitmanpro | * |
Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 1.7 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | unified_threat_management | * |
A reflected XSS vulnerability allows an open redirect when the victim clicks a malicious link to an error page on Sophos Email Appliance older than version 4.5.3.4.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
| security-alert@sophos.com | 4.7 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | email_appliance | * |
An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| security-alert@sophos.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | unified_threat_management_up2date | * |
A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@sophos.com | 5.9 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 0.7 | 5.2 |
| nvd@nist.gov | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sophos_secure_workspace | * |
A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@sophos.com | 6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H | 1.8 | 4.2 |
| nvd@nist.gov | 6.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H | 0.8 | 5.2 |
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | ssl_vpn_client | - |
An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@sophos.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sfos | * |
A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@sophos.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | unified_threat_management | * |
Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@sophos.com | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 1.8 | 1.4 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-532,CWE-732,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | unified_threat_management | * |
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@sophos.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | sfos | * |
Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
| security-alert@sophos.com | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | firewall | 18.5 |
| sophos | firewall | * |
| sophos | firewall | 19.0 |
An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | xg_firewall_firmware | * |
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| security-alert@sophos.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | firewall | * |
A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | xg_firewall_firmware | * |
A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | xg_firewall_firmware | * |
A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | xg_firewall_firmware | * |
A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | xg_firewall_firmware | * |
A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | xg_firewall_firmware | * |
An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | mobile | * |
A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
| security-alert@sophos.com | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | connect | * |
An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
| security-alert@sophos.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | connect | * |
Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@sophos.com | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 1.8 | 1.4 |
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | connect | * |
A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@sophos.com | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | web_appliance | * |
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| security-alert@sophos.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | web_appliance | * |
Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was December 31st 2020) in grpname parameter that allows arbitrary script to be executed.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | iview | - |
Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | web_appliance | 4.3.9.1 |
A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
| security-alert@sophos.com | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | 2.5 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | firewall | * |
A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@sophos.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | firewall_firmware | * |
A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@sophos.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | firewall_firmware | * |
A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@sophos.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | firewall_firmware | * |
A code injection vulnerability in the Debian package component of Taegis Endpoint Agent (Linux) versions older than 1.3.10 allows local users arbitrary code execution as root. Redhat-based systems using RPM packages are not affected.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| security-alert@sophos.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | taegis_endpoint_agent | * |
A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potentially lead to administrators achieving arbitrary code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@sophos.com | 6.8 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | firewall_firmware | * |
A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers controlling the firewall’s DNS environment to achieve remote code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@sophos.com | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | firewall_firmware | * |
An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to pre-auth remote code execution, if a specific configuration of SPX is enabled in combination with the firewall running in High Availability (HA) mode.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@sophos.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | firewall_firmware | * |
A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjacent attackers achieving pre-auth code execution on High Availability (HA) auxiliary devices, if OTP authentication for the admin user is enabled.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@sophos.com | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | firewall_firmware | * |
An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to remote code execution, if a quarantining policy is active for Email and SFOS was upgraded from a version older than 21.0 GA.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-alert@sophos.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sophos | firewall_firmware | * |