CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25270
https://notcve.org/view.php?id=CVE-2021-25270
07 Oct 2021 — A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901. Un atacante local podría ejecutar código arbitrario con privilegios de administrador en HitmanPro.Alert versiones anteriores a Build 901 • https://www.sophos.com/en-us/security-advisories/sophos-sa-20211007-hmpa-lpe •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-9540
https://notcve.org/view.php?id=CVE-2020-9540
01 Mar 2020 — Sophos HitmanPro.Alert before build 861 allows local elevation of privilege. Sophos HitmanPro.Alert antes del build 861, permite una escalada de privilegios local. • https://www.hitmanpro.com/en-us/whatsnewalert.aspx •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-3970
https://notcve.org/view.php?id=CVE-2018-3970
25 Oct 2018 — An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability. Existe una vulnerabilidad explotable de divulgación de memoria en la funcionalidad de manejo de llamadas IOCTL 0x222000 de Sophos HitmanPro.Alert 3.7.6.744. Una petición IRP especialment... • http://www.securityfocus.com/bid/105743 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2018-3971
https://notcve.org/view.php?id=CVE-2018-3971
25 Oct 2018 — An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to write data under controlled by an attacker address, resulting in memory corruption. An attacker can send IRP request to trigger this vulnerability. Existe una vulnerabilidad explotable de escritura arbitraria en la funcionalidad de manejo de llamadas IOCTL 0x2222CC de Sophos HitmanPro.Alert 3.7.6.744. Una petición IRP esp... • http://www.securityfocus.com/bid/105743 • CWE-123: Write-what-where Condition •