| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2018-9233 |
1 Sophos |
1 Endpoint Protection |
2019-10-03 |
2.1 |
| Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe... |
| CVE-2018-3970 |
1 Sophos |
1 Hitmanpro.alert |
2019-01-25 |
2.1 |
| An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory... |
| CVE-2016-7442 |
1 Sophos |
1 Unified Threat Management Software |
2018-10-09 |
2.1 |
| The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam"... |
| CVE-2016-7397 |
1 Sophos |
1 Unified Threat Management Software |
2018-10-09 |
2.1 |
| The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab. |
| CVE-2018-4863 |
1 Sophos |
1 Endpoint Protection |
2018-05-18 |
2.1 |
| Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key. |
| CVE-2012-4736 |
1 Sophos |
1 Safeguard Enterprise |
2017-08-29 |
3.3 |
| The Device Encryption Client component in Sophos SafeGuard Enterprise 6.0, when a volume-based encryption policy is enabled in conjunction with a user-defined key, does not properly block use of exFAT USB flash drives, which makes it easier for... |
