Vulnerabilities > Sophos > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-11-01 | CVE-2006-5645 | Resource Management Errors vulnerability in Sophos Anti-Virus and Endpoint Security Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when "Enabled scanning of archives" is set, allows remote attackers to cause a denial of service (infinite loop) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero. | 5.0 |
| 2006-11-01 | CVE-2006-4839 | Denial of Service and Memory Corruption vulnerability in Sophos Anti-Virus 5.1 Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections. | 5.0 |
| 2005-12-31 | CVE-2005-4680 | Remote Security vulnerability in Sophos Anti-Virus Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, and 5.x before 5.1.4 allow remote attackers to hide arbitrary files and data via crafted ARJ archives, which are not properly scanned. | 5.0 |
| 2005-10-30 | CVE-2005-3382 | Unspecified vulnerability in Sophos Anti-Virus 3.91Engine2.28.4 Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | 5.0 |
| 2005-10-14 | CVE-2005-3216 | Security Bypass vulnerability in Sophos Anti-Virus Multiple interpretation error in unspecified versions of Sophos Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | 5.1 |
| 2005-07-19 | CVE-2005-1530 | Remote Denial Of Service vulnerability in Sophos Anti-Virus BZip2 Archive Handling Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a Bzip2 archive with a large 'Extra field length' value. | 5.0 |
| 2005-05-14 | CVE-2005-1551 | Denial-Of-Service vulnerability in Sophos Anti-Virus 3.93 Sophos Anti-Virus 3.93 does not check downloaded files for viruses when they have only been written, which creates a race condition and may allow remote attackers to bypass virus protection if the file is executed before the antivirus starts on system reboot. | 5.1 |
| 2004-12-31 | CVE-2004-2075 | Denial Of Service vulnerability in Sophos Anti-Virus MIME Header Handling Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of service (infinite loop) via a MIME header that is not properly terminated. | 5.0 |
| 2004-02-12 | CVE-2004-2088 | Unspecified vulnerability in Sophos Anti-Virus 3.4.6/3.78 Sophos Anti-Virus 3.78 allows remote attackers to bypass virus scanning by using a qmail generated Delivery Status Notification (DSN) where the original email is not included in the bounce message. | 5.0 |