CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32175 – VIPRE Antivirus Plus Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-32175
31 May 2023 — VIPRE Antivirus Plus Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Anti Malware Service. By creating a symbolic link, an attacker can abuse the service to create arbitrary files. • https://success.vipre.com/en_US/antivirus-plus-release-notes/home-plus-release-notes-20230530 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-0357 – Improper Quoting Path Issue in Bitdefender Total Security
https://notcve.org/view.php?id=CVE-2022-0357
24 May 2023 — Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdef... • https://www.bitdefender.com/support/security-advisories/improper-quoting-path-issue-in-bitdefender-total-security • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-4199 – Incorrect Permission Assignment for Critical Resource vulnerability in BDReinit.exe (VA-10017)
https://notcve.org/view.php?id=CVE-2021-4199
07 Mar 2022 — Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. Bitdefender Endpoint Security ... • https://www.bitdefender.com/support/security-advisories/incorrect-permission-assignment-for-critical-resource-vulnerability-in-bdreinit-exe-va-10017 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-4198 – messaging_ipc.dll NULL Pointer Dereference in multiple Bitdefender products (VA-10016)
https://notcve.org/view.php?id=CVE-2021-4198
07 Mar 2022 — A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools version... • https://www.bitdefender.com/support/security-advisories/messaging_ipc-dll-null-pointer-dereference-in-multiple-bitdefender-products-va-10016 • CWE-476: NULL Pointer Dereference •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2020-8107 – Process Control vulnerability in Bitdefender Antivirus Plus
https://notcve.org/view.php?id=CVE-2020-8107
18 Feb 2022 — A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. This issue affects: Bitdefender Antivirus Plus versions prior to 24.0.26.136. Bitdefender Internet Security versions prior to 24.0.26.136. Bitdefender Total Security versions prior to 24.0.26.136. Una vulnerabilidad de Control de Procesos en ProductAgentUI.exe usado en Bitdefender Antivirus Plus permite a un atacante manipular la con... • https://www.bitdefender.com/support/security-advisories/process-control-vulnerability-bitdefender-antivirus-plus-va-8709 • CWE-114: Process Control •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-15732
https://notcve.org/view.php?id=CVE-2020-15732
22 Jun 2021 — Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29. Una vulnerabilidad de Comprobación Inapropiada de Certificados en el módulo Online Threat Prevention tal y como... • https://www.bitdefender.com/support/security-advisories/improper-certificate-validation-bitdefender-total-security-va-8957 • CWE-295: Improper Certificate Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15733 – URL Spoofing Vulnerability in Bitdefender SafePay (VA-8958)
https://notcve.org/view.php?id=CVE-2020-15733
14 Dec 2020 — An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. This issue affects: Bitdefender Antivirus Plus versions prior to 25.0.7.29. Una vulnerabilidad de Error de Comprobación de Origen en el componente SafePay de Bitdefender Antivirus Plus, permite a un recurso web mostrarse incorrectamente en la barra de URL. Este problema afecta a: Bitdefender Antivirus Plus versiones anteriores a 25.0.7.29. • https://www.bitdefender.com/support/security-advisories/url-spoofing-vulnerability-bitdefender-safepay-va-8958 • CWE-346: Origin Validation Error •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2019-14242
https://notcve.org/view.php?id=CVE-2019-14242
30 Jul 2019 — An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. A local attacker with administrator privileges can create a malicious DLL file in %SystemRoot%\System32\ that will be executed with local user privileges. Se detectó un problema en los productos de Bitdefender para Windows ... • https://www.bitdefender.com/support/security-advisories/code-injection-bitdefender-products-windows • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2017-6186
https://notcve.org/view.php?id=CVE-2017-6186
21 Mar 2017 — Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Bitdefender process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Imag... • http://cybellum.com/doubleagent-taking-full-control-antivirus • CWE-94: Improper Control of Generation of Code ('Code Injection') •