The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Sophos Endpoint Antivirus

OpenSSL, LibReSSL, Mono, JSSE: weakening TLS encryption via FREAK
An attacker, located as a Man-in-the-Middle, can force the Chrome, JSSE, LibReSSL, Mono or OpenSSL client to accept a weak export algorithm, in order to more easily capture or alter exchanged data...
122007, 1450666, 1610582, 1647054, 1698613, 1699051, 1699810, 1700225, 1700997, 1701485, 1902260, 1903541, 1963275, 1968485, 1973383, 55767, 7014463, 7022958, 9010028, ARUBA-PSA-2015-003, bulletinjan2015, c04556853, c04679334, c04773241, CERTFR-2015-AVI-108, CERTFR-2015-AVI-117, CERTFR-2015-AVI-146, CERTFR-2016-AVI-303, cisco-sa-20150310-ssl, cpuapr2017, cpujul2018, cpuoct2017, CTX216642, CVE-2015-0138, CVE-2015-0204, DSA-3125-1, FEDORA-2015-0512, FEDORA-2015-0601, FG-IR-15-007, FREAK, FreeBSD-SA-15:01.openssl, HPSBMU03345, HPSBUX03244, HPSBUX03334, JSA10679, MDVSA-2015:019, MDVSA-2015:062, MDVSA-2015:063, NetBSD-SA2015-006, NetBSD-SA2015-007, NTAP-20150205-0001, openSUSE-SU-2015:0130-1, openSUSE-SU-2016:0640-1, RHSA-2015:0066-01, RHSA-2015:0800-01, RHSA-2015:1020-01, RHSA-2015:1021-01, RHSA-2015:1091-01, SA40015, SA88, SA91, SB10108, SB10110, SOL16120, SOL16123, SOL16124, SOL16126, SOL16135, SOL16136, SOL16139, SP-CAAANXD, SPL-95203, SPL-95206, SSA:2015-009-01, SSRT101885, SSRT102000, SUSE-SU-2015:1073-1, SUSE-SU-2015:1085-1, SUSE-SU-2015:1086-1, SUSE-SU-2015:1086-2, SUSE-SU-2015:1086-3, SUSE-SU-2015:1086-4, SUSE-SU-2015:1138-1, SUSE-SU-2015:1161-1, T1022075, USN-2459-1, VIGILANCE-VUL-16301, VN-2015-003_FREAK, VU#243585
Sophos Antivirus Configuration Console: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Sophos Antivirus Configuration Console, in order to execute JavaScript code in the context of the web site...
CVE-2014-2385, VIGILANCE-VUL-14937
OpenSSL: information disclosure via Heartbeat
An attacker can use the Heartbeat protocol on an application compiled with OpenSSL, in order to obtain sensitive information, such as keys stored in memory...
1669839, 190438, 2076225, 2962393, c04236102, c04267775, c04286049, CA20140413-01, CERTFR-2014-ALE-003, CERTFR-2014-AVI-156, CERTFR-2014-AVI-161, CERTFR-2014-AVI-162, CERTFR-2014-AVI-167, CERTFR-2014-AVI-169, CERTFR-2014-AVI-177, CERTFR-2014-AVI-178, CERTFR-2014-AVI-179, CERTFR-2014-AVI-180, CERTFR-2014-AVI-181, CERTFR-2014-AVI-198, CERTFR-2014-AVI-199, CERTFR-2014-AVI-213, cisco-sa-20140409-heartbleed, CTX140605, CVE-2014-0160, CVE-2014-0346-REJECT, DSA-2896-1, DSA-2896-2, emr_na-c04236102-7, ESA-2014-034, ESA-2014-036, ESA-2014-075, FEDORA-2014-4879, FEDORA-2014-4910, FEDORA-2014-4982, FEDORA-2014-4999, FG-IR-14-011, FreeBSD-SA-14:06.openssl, Heartbleed, HPSBMU02995, HPSBMU03025, HPSBMU03040, ICSA-14-105-03, JSA10623, MDVSA-2014:123, MDVSA-2015:062, NetBSD-SA2014-004, openSUSE-SU-2014:0492-1, openSUSE-SU-2014:0560-1, openSUSE-SU-2014:0719-1, pfSense-SA-14_04.openssl, RHSA-2014:0376-01, RHSA-2014:0377-01, RHSA-2014:0378-01, RHSA-2014:0396-01, RHSA-2014:0416-01, SA40005, SA79, SB10071, SOL15159, SPL-82696, SSA:2014-098-01, SSA-635659, SSRT101565, USN-2165-1, VIGILANCE-VUL-14534, VMSA-2014-0004, VMSA-2014-0004.1, VMSA-2014-0004.2, VMSA-2014-0004.3, VMSA-2014-0004.6, VMSA-2014-0004.7, VU#720951
Sophos Anti-Virus: denial of service via Object
A local attacker can interact with objects of Sophos Anti-Virus, in order to trigger a denial of service...
BID-65286, CVE-2014-1213, VIGILANCE-VUL-14166
Sophos Antivirus: several vulnerabilities
An attacker can create a malicious VB6/CAB/RAR/PDF file which corrupts the Sophos Antivirus memory, in order to execute code on victim's computer...
BID-56401, bulletinjul2017, CERTA-2012-AVI-627, CERTA-2012-AVI-637, cisco-sa-20121108-sophos, CSCud10556, CVE-2012-6706, VIGILANCE-VUL-12111, VU#662243
Sophos Anti-Virus: bypassing via CAB, CHM, ELF, EXE, Office, RAR, TAR, ZIP
An attacker can create an archive or a program containing a virus, which is not detected by Sophos Anti-Virus...
BID-52579, BID-52587, BID-52589, BID-52590, BID-52591, BID-52598, BID-52599, BID-52600, BID-52608, BID-52611, BID-52612, BID-52613, BID-52617, BID-52621, BID-52623, BID-52626, CVE-2012-1424, CVE-2012-1427, CVE-2012-1428, CVE-2012-1430, CVE-2012-1431, CVE-2012-1438, CVE-2012-1442, CVE-2012-1443, CVE-2012-1446, CVE-2012-1450, CVE-2012-1453, CVE-2012-1456, CVE-2012-1458, CVE-2012-1459, CVE-2012-1461, CVE-2012-1462, VIGILANCE-VUL-11473
Sophos AV: privilege elevation via SAVOnAccessFilter
A local attacker can use a vulnerability of the SAVOnAccessFilter driver, in order to obtain system privileges...
BID-40715, TPTI-10-03, VIGILANCE-VUL-9699
Sophos Anti-Virus: bypassing via CAB
An attacker can create a CAB archive containing a virus which is not detected by Sophos products...
59992, BID-35402, VIGILANCE-VUL-8802
Sophos AV: denial of service via RMS
An attacker can send a malicious GIOP message in order to force a restart of Remote Management System...
51420, BID-33313, VIGILANCE-VUL-8402
Sophos AV: denial of service via Packer
An attacker can create a malicious Packed binary in order to create a denial of service and possibly to execute code in Sophos AV...
BID-32748, CVE-2008-6904, IVIZ-08-015, VIGILANCE-VUL-8319
Our database contains other pages. You can request a free trial to read them.

Display information about Sophos Endpoint Antivirus: