CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25271
https://notcve.org/view.php?id=CVE-2021-25271
A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318. Un atacante local podría leer o escribir archivos arbitrarios con privilegios de administrador en HitmanPro versiones anteriores a Build 318 • https://www.sophos.com/en-us/security-advisories/sophos-sa-20211007-hmp-lpe •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25270
https://notcve.org/view.php?id=CVE-2021-25270
A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901. Un atacante local podría ejecutar código arbitrario con privilegios de administrador en HitmanPro.Alert versiones anteriores a Build 901 • https://www.sophos.com/en-us/security-advisories/sophos-sa-20211007-hmpa-lpe •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25273
https://notcve.org/view.php?id=CVE-2021-25273
Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706. Una vulnerabilidad de tipo XSS almacenado puede ejecutarse como administrador en la visualización de detalles del correo electrónico en cuarentena en Sophos UTM versiones anteriores a 9.706 • http://seclists.org/fulldisclosure/2021/Dec/3 https://community.sophos.com/utm-firewall/b/blog/posts/utm-up2date-9-706-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-25264
https://notcve.org/view.php?id=CVE-2021-25264
In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges. En múltiples versiones de los productos Sophos Endpoint para MacOS, un atacante local podría ejecutar código arbitrario con privilegios de administrador • https://community.sophos.com/b/security-blog https://community.sophos.com/b/security-blog/posts/resolved-lpe-in-endpoint-for-macos-cve-2021-25264 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-25265
https://notcve.org/view.php?id=CVE-2021-25265
A malicious website could execute code remotely in Sophos Connect Client before version 2.1. Un sitio web malicioso podría ejecutar código remotamente en Sophos Connect Client versiones anteriores a 2.1 • https://community.sophos.com/b/security-blog https://community.sophos.com/b/security-blog/posts/resolved-rce-in-sophos-connect-client-for-windows-cve-2021-25265 •