CVE-2021-36808
https://notcve.org/view.php?id=CVE-2021-36808
A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115. • https://github.com/ctuIhu/CVE-2021-36808 https://www.sophos.com/en-us/security-advisories/sophos-sa-20211029-ssw-pw-bypass • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-25271
https://notcve.org/view.php?id=CVE-2021-25271
A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20211007-hmp-lpe
CVE-2021-25270
https://notcve.org/view.php?id=CVE-2021-25270
A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20211007-hmpa-lpe
CVE-2021-25273
https://notcve.org/view.php?id=CVE-2021-25273
Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706. • http://seclists.org/fulldisclosure/2021/Dec/3 https://community.sophos.com/utm-firewall/b/blog/posts/utm-up2date-9-706-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-25264
https://notcve.org/view.php?id=CVE-2021-25264
In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges. • https://community.sophos.com/b/security-blog https://community.sophos.com/b/security-blog/posts/resolved-lpe-in-endpoint-for-macos-cve-2021-25264