cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2020-9363,https://securityvulnerability.io/vulnerability/CVE-2020-9363,,"The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protection products because the virus would be detected upon extraction.",Sophos,"Cloud Optix,Mobile,Intercept X Endpoint,Intercept X For Server,Secure Web Gateway,Endpoint Protection",7.8,HIGH,0.0007600000244565308,false,false,false,false,,false,false,2020-02-24T15:07:39.000Z,0
CVE-2010-5177,https://securityvulnerability.io/vulnerability/CVE-2010-5177,,"Race condition in Sophos Endpoint Security and Control 9.0.5 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack.  NOTE: the vendor disputes this issue because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute",Sophos,Sophos Endpoint Security And Control,,,0.0004199999966658652,false,false,false,false,,false,false,2012-08-25T21:55:00.000Z,0
CVE-2006-5645,https://securityvulnerability.io/vulnerability/CVE-2006-5645,,"Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when ""Enabled scanning of archives"" is set, allows remote attackers to cause a denial of service (infinite loop) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero.",Sophos,"Anti-virus,Endpoint Security",,,0.18569999933242798,false,false,false,false,,false,false,2006-11-01T15:00:00.000Z,0
CVE-2006-5646,https://securityvulnerability.io/vulnerability/CVE-2006-5646,,"Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when archive scanning is enabled, allows remote attackers to trigger a denial of service (memory corruption) via a CHM file with an LZX decompression header that specifies a Window_size of 0.",Sophos,"Anti-virus,Endpoint Security",,,0.5958999991416931,false,false,false,false,,false,false,2006-11-01T15:00:00.000Z,0
CVE-2006-5647,https://securityvulnerability.io/vulnerability/CVE-2006-5647,,"Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a malformed CHM file with a large name length in the CHM chunk header, aka ""CHM name length memory consumption vulnerability.""",Sophos,"Anti-virus,Endpoint Security",,,0.12110999971628189,false,false,false,false,,false,false,2006-11-01T15:00:00.000Z,0