Vulnerabilities (CVE)

6 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-9233 1 Sophos 1 Endpoint Protection 2019-10-03 2.1
Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe...
CVE-2018-3970 1 Sophos 1 Hitmanpro.alert 2019-01-25 2.1
An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory...
CVE-2016-7442 1 Sophos 1 Unified Threat Management Software 2018-10-09 2.1
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam"...
CVE-2016-7397 1 Sophos 1 Unified Threat Management Software 2018-10-09 2.1
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.
CVE-2018-4863 1 Sophos 1 Endpoint Protection 2018-05-18 2.1
Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key.
CVE-2012-4736 1 Sophos 1 Safeguard Enterprise 2017-08-29 3.3
The Device Encryption Client component in Sophos SafeGuard Enterprise 6.0, when a volume-based encryption policy is enabled in conjunction with a user-defined key, does not properly block use of exFAT USB flash drives, which makes it easier for...