CVE-2020-9363

HIGH Year: 2020
CVSS v3 Score
7.8
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-436
View all →

Vulnerability Description

The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protection products because the virus would be detected upon extraction.

Related Vulnerabilities

CVE-2020-9362

HIGH
CVSS:7.8(High)

The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GPFLAG in a ZIP archive. This affects Total Security, Home Security, Total Security Multi-Device, Internet ...

CWE-4362020

CVE-2019-17596

HIGH
CVSS:7.5(High)

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client t...

CWE-4362019

CVE-2020-10193

HIGH
CVSS:7.5(High)

ESET Archive Support Module before 1294 allows virus-detection bypass via crafted RAR Compression Information in an archive. This affects versions before 1294 of Smart Security Premium, Internet Secur...

CWE-4362020

CVE-2021-39137

HIGH
CVSS:7.5(High)

go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse...

CWE-4362021

CVE-2022-23773

HIGH
CVSS:7.5(High)

cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able ...

CWE-4362022

CVE-2022-48230

HIGH
CVSS:7.5(High)

There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could lead to DoS.

CWE-4362022