CVE-2024-42027
https://notcve.org/view.php?id=CVE-2024-42027
The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources. • https://hackerone.com/reports/2546437 • CWE-1391: Use of Weak Credentials •
CVE-2020-9363
https://notcve.org/view.php?id=CVE-2020-9363
The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protection products because the virus would be detected upon extraction. El motor de análisis Sophos AV versiones anteriores a 14-01-2020 permite una omisión de la detección de virus por medio de un archivo ZIP diseñado. Esto afecta a Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server y Secure Web Gateway. • https://blog.zoller.lu/p/release-mode-coordinated-disclosure-ref.html https://community.sophos.com/b/security-blog/posts/sophos-comments-to-cve-2020-9363 • CWE-436: Interpretation Conflict •