Search Results (Refine Search)
- CPE Product Version: cpe:/a:sophos:endpoint_protection:10.7
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-9363 |
The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protection products because the virus would be detected upon extraction. Published: February 24, 2020; 11:15:13 AM -0500 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-9233 |
Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches. Published: April 05, 2018; 1:29:00 PM -0400 |
V3.0: 7.8 HIGH V2.0: 2.1 LOW |
CVE-2018-4863 |
Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key. Published: April 05, 2018; 1:29:00 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |