Vulnerabilities > Sophos > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-11-26 | CVE-2021-25269 | Unquoted Search Path or Element vulnerability in Sophos products | A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention before version 3.8.3. | 4.4 |
2021-10-08 | CVE-2021-25270 | Unspecified vulnerability in Sophos Hitmanpro.Alert 3.7.6.744/861 | A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901. | 6.7 |
2021-10-08 | CVE-2021-25271 | Unspecified vulnerability in Sophos Hitmanpro 3.7/3.7.20 | A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318. | 6.0 |
2021-07-29 | CVE-2021-25273 | Cross-site Scripting vulnerability in Sophos Unified Threat Management | Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706. | 4.8 |
2021-05-17 | CVE-2021-25264 | Unspecified vulnerability in Sophos Home and Intercept X | In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges. | 6.7 |
2020-06-22 | CVE-2020-14980 | Improper Certificate Validation vulnerability in Sophos Secure Email 3.9.4 | The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation. | 5.9 |
2018-10-25 | CVE-2018-3970 | Use of Uninitialized Resource vulnerability in Sophos Hitmanpro.Alert 3.7.6.744 | An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. | 5.5 |
2018-04-05 | CVE-2018-4863 | 7PK - Security Features vulnerability in Sophos Endpoint Protection 10.7 | Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key. | 5.5 |
2018-02-02 | CVE-2018-6319 | NULL Pointer Dereference vulnerability in Sophos Tester 3.2.0.7 | In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. | 5.5 |
2018-01-26 | CVE-2016-6217 | Cross-site Scripting vulnerability in Sophos Puremessage | Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |