cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2020-9363,https://securityvulnerability.io/vulnerability/CVE-2020-9363,,"The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protection products because the virus would be detected upon extraction.",Sophos,"Cloud Optix,Mobile,Intercept X Endpoint,Intercept X For Server,Secure Web Gateway,Endpoint Protection",7.8,HIGH,0.0007600000244565308,false,false,false,false,,false,false,2020-02-24T15:07:39.000Z,0
CVE-2018-4863,https://securityvulnerability.io/vulnerability/CVE-2018-4863,,Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key.,Sophos,Endpoint Protection,5.5,MEDIUM,0.0006200000061653554,false,false,false,false,,false,false,2018-04-05T17:00:00.000Z,0
CVE-2018-9233,https://securityvulnerability.io/vulnerability/CVE-2018-9233,,"Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches.",Sophos,Endpoint Protection,7.8,HIGH,0.0015699999639764428,false,false,false,false,,false,false,2018-04-05T17:00:00.000Z,0