cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-9363,https://securityvulnerability.io/vulnerability/CVE-2020-9363,Virus Detection Bypass in Sophos Products due to ZIP Archive Processing Flaw,"The vulnerability allows attackers to exploit a flaw in the Sophos AV parsing engine, enabling them to bypass virus detection by using specially crafted ZIP archives. This issue affects multiple Sophos products but is noted by the vendor to have limited impact on endpoint protection as the malware is detected upon extraction.",Sophos,"Cloud Optix,Mobile,Intercept X Endpoint,Intercept X For Server,Secure Web Gateway,Endpoint Protection",7.8,HIGH,0.0007600000244565308,false,,false,false,false,,,false,false,,2020-02-24T15:07:39.000Z,0
CVE-2010-5177,https://securityvulnerability.io/vulnerability/CVE-2010-5177,,"Race condition in Sophos Endpoint Security and Control 9.0.5 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack.  NOTE: the vendor disputes this issue because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute",Sophos,Sophos Endpoint Security And Control,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2012-08-25T21:55:00.000Z,0
CVE-2006-5645,https://securityvulnerability.io/vulnerability/CVE-2006-5645,,"Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when ""Enabled scanning of archives"" is set, allows remote attackers to cause a denial of service (infinite loop) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero.",Sophos,"Anti-virus,Endpoint Security",,,0.18569999933242798,false,,false,false,false,,,false,false,,2006-11-01T15:00:00.000Z,0
CVE-2006-5646,https://securityvulnerability.io/vulnerability/CVE-2006-5646,,"Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when archive scanning is enabled, allows remote attackers to trigger a denial of service (memory corruption) via a CHM file with an LZX decompression header that specifies a Window_size of 0.",Sophos,"Anti-virus,Endpoint Security",,,0.5958999991416931,false,,false,false,false,,,false,false,,2006-11-01T15:00:00.000Z,0
CVE-2006-5647,https://securityvulnerability.io/vulnerability/CVE-2006-5647,,"Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a malformed CHM file with a large name length in the CHM chunk header, aka ""CHM name length memory consumption vulnerability.""",Sophos,"Anti-virus,Endpoint Security",,,0.1412300020456314,false,,false,false,false,,,false,false,,2006-11-01T15:00:00.000Z,0