The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Sophos Anti-Virus

Sophos Endpoint Protection: privilege escalation via Weak Unsalted Hash
An attacker can bypass restrictions via Weak Unsalted Hash of Sophos Endpoint Protection, in order to escalate his privileges...
CVE-2018-9233, VIGILANCE-VUL-25768
Sophos Endpoint Protection: privilege escalation via Enhanced Tamper Protection
An attacker can bypass restrictions via Enhanced Tamper Protection of Sophos Endpoint Protection, in order to escalate his privileges...
CVE-2018-4863, VIGILANCE-VUL-25767
Sophos Anti-Virus: privilege escalation via Mac OS X
An attacker can bypass restrictions via Mac OS X of Sophos Anti-Virus, in order to escalate his privileges...
VIGILANCE-VUL-23496
OpenSSL, LibReSSL, Mono, JSSE: weakening TLS encryption via FREAK
An attacker, located as a Man-in-the-Middle, can force the Chrome, JSSE, LibReSSL, Mono or OpenSSL client to accept a weak export algorithm, in order to more easily capture or alter exchanged data...
122007, 1450666, 1610582, 1647054, 1698613, 1699051, 1699810, 1700225, 1700997, 1701485, 1902260, 1903541, 1963275, 1968485, 1973383, 55767, 7014463, 7022958, 9010028, ARUBA-PSA-2015-003, bulletinjan2015, c04556853, c04679334, c04773241, CERTFR-2015-AVI-108, CERTFR-2015-AVI-117, CERTFR-2015-AVI-146, CERTFR-2016-AVI-303, cisco-sa-20150310-ssl, cpuapr2017, cpujul2018, cpuoct2017, CTX216642, CVE-2015-0138, CVE-2015-0204, DSA-3125-1, FEDORA-2015-0512, FEDORA-2015-0601, FG-IR-15-007, FREAK, FreeBSD-SA-15:01.openssl, HPSBMU03345, HPSBUX03244, HPSBUX03334, JSA10679, MDVSA-2015:019, MDVSA-2015:062, MDVSA-2015:063, NetBSD-SA2015-006, NetBSD-SA2015-007, NTAP-20150205-0001, openSUSE-SU-2015:0130-1, openSUSE-SU-2016:0640-1, RHSA-2015:0066-01, RHSA-2015:0800-01, RHSA-2015:1020-01, RHSA-2015:1021-01, RHSA-2015:1091-01, SA40015, SA88, SA91, SB10108, SB10110, SOL16120, SOL16123, SOL16124, SOL16126, SOL16135, SOL16136, SOL16139, SP-CAAANXD, SPL-95203, SPL-95206, SSA:2015-009-01, SSRT101885, SSRT102000, SUSE-SU-2015:1073-1, SUSE-SU-2015:1085-1, SUSE-SU-2015:1086-1, SUSE-SU-2015:1086-2, SUSE-SU-2015:1086-3, SUSE-SU-2015:1086-4, SUSE-SU-2015:1138-1, SUSE-SU-2015:1161-1, T1022075, USN-2459-1, VIGILANCE-VUL-16301, VN-2015-003_FREAK, VU#243585
Sophos Antivirus Configuration Console: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Sophos Antivirus Configuration Console, in order to execute JavaScript code in the context of the web site...
CVE-2014-2385, VIGILANCE-VUL-14937
OpenSSL: information disclosure via Heartbeat
An attacker can use the Heartbeat protocol on an application compiled with OpenSSL, in order to obtain sensitive information, such as keys stored in memory...
1669839, 190438, 2076225, 2962393, c04236102, c04267775, c04286049, CA20140413-01, CERTFR-2014-ALE-003, CERTFR-2014-AVI-156, CERTFR-2014-AVI-161, CERTFR-2014-AVI-162, CERTFR-2014-AVI-167, CERTFR-2014-AVI-169, CERTFR-2014-AVI-177, CERTFR-2014-AVI-178, CERTFR-2014-AVI-179, CERTFR-2014-AVI-180, CERTFR-2014-AVI-181, CERTFR-2014-AVI-198, CERTFR-2014-AVI-199, CERTFR-2014-AVI-213, cisco-sa-20140409-heartbleed, CTX140605, CVE-2014-0160, CVE-2014-0346-REJECT, DSA-2896-1, DSA-2896-2, emr_na-c04236102-7, ESA-2014-034, ESA-2014-036, ESA-2014-075, FEDORA-2014-4879, FEDORA-2014-4910, FEDORA-2014-4982, FEDORA-2014-4999, FG-IR-14-011, FreeBSD-SA-14:06.openssl, Heartbleed, HPSBMU02995, HPSBMU03025, HPSBMU03040, ICSA-14-105-03, JSA10623, MDVSA-2014:123, MDVSA-2015:062, NetBSD-SA2014-004, openSUSE-SU-2014:0492-1, openSUSE-SU-2014:0560-1, openSUSE-SU-2014:0719-1, pfSense-SA-14_04.openssl, RHSA-2014:0376-01, RHSA-2014:0377-01, RHSA-2014:0378-01, RHSA-2014:0396-01, RHSA-2014:0416-01, SA40005, SA79, SB10071, SOL15159, SPL-82696, SSA:2014-098-01, SSA-635659, SSRT101565, USN-2165-1, VIGILANCE-VUL-14534, VMSA-2014-0004, VMSA-2014-0004.1, VMSA-2014-0004.2, VMSA-2014-0004.3, VMSA-2014-0004.6, VMSA-2014-0004.7, VU#720951
Sophos Anti-Virus: denial of service via Object
A local attacker can interact with objects of Sophos Anti-Virus, in order to trigger a denial of service...
BID-65286, CVE-2014-1213, VIGILANCE-VUL-14166
Sophos Antivirus: several vulnerabilities
An attacker can create a malicious VB6/CAB/RAR/PDF file which corrupts the Sophos Antivirus memory, in order to execute code on victim's computer...
BID-56401, bulletinjul2017, CERTA-2012-AVI-627, CERTA-2012-AVI-637, cisco-sa-20121108-sophos, CSCud10556, CVE-2012-6706, VIGILANCE-VUL-12111, VU#662243
Sophos Anti-Virus: bypassing via CAB, CHM, ELF, EXE, Office, RAR, TAR, ZIP
An attacker can create an archive or a program containing a virus, which is not detected by Sophos Anti-Virus...
BID-52579, BID-52587, BID-52589, BID-52590, BID-52591, BID-52598, BID-52599, BID-52600, BID-52608, BID-52611, BID-52612, BID-52613, BID-52617, BID-52621, BID-52623, BID-52626, CVE-2012-1424, CVE-2012-1427, CVE-2012-1428, CVE-2012-1430, CVE-2012-1431, CVE-2012-1438, CVE-2012-1442, CVE-2012-1443, CVE-2012-1446, CVE-2012-1450, CVE-2012-1453, CVE-2012-1456, CVE-2012-1458, CVE-2012-1459, CVE-2012-1461, CVE-2012-1462, VIGILANCE-VUL-11473
Sophos AV: privilege elevation via SAVOnAccessFilter
A local attacker can use a vulnerability of the SAVOnAccessFilter driver, in order to obtain system privileges...
BID-40715, TPTI-10-03, VIGILANCE-VUL-9699
Our database contains other pages. You can request a free trial to read them.

Display information about Sophos Anti-Virus: