CVSS: 6.6EPSS: 1%CPEs: 1EXPL: 1CVE-2021-3485 – Improper Input Validation in Bitdefender Endpoint Security Tools for Linux
https://notcve.org/view.php?id=CVE-2021-3485
24 May 2021 — An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.155. Una vulnerabilidad de comprobación inapropiada de entrada en la funcionalidad Product Update de Bitdefender Endpoint Security Tools para Linux, permite a un atacante m... • https://herolab.usd.de/security-advisories/usd-2021-0014 • CWE-494: Download of Code Without Integrity Check •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15279 – Scanning exclusion paths disclosure in BEST for Windows
https://notcve.org/view.php?id=CVE-2020-15279
18 May 2021 — An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320 allows a regular user to learn the scanning exclusion paths. This issue was discovered during external security research. Una vulnerabilidad de Control de Acceso inapropiado en el componente logging de Bitdefender Endpoint Security Tools para Windows versiones anteriores a 6.6.23.320, permite a un usuario habitual conocer las rutas de exclusión del análisis. ... • https://www.bitdefender.com/support/security-advisories/scanning-exclusion-paths-disclosure-in-best-for-windows-va-9380 • CWE-284: Improper Access Control •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-8097 – Improper authentication vulnerability in Bitdefender Endpoint Security Tools and Endpoint Security SDK (VA-8646)
https://notcve.org/view.php?id=CVE-2020-8097
30 Aug 2020 — An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. Bitdefender Endpoint Security SDK versions prior to 6.6.18.261. Una vulnerabi... • https://www.bitdefender.com/support/security-advisories/improper-authentication-vulnerability-bitdefender-endpoint-security-tools-endpoint-security-sdk-va-8646 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8108 – Insufficient client validation in Bitdefender Endpoint Security for Mac (VA-8759)
https://notcve.org/view.php?id=CVE-2020-8108
03 Aug 2020 — Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process to restart the main service and potentially inject third-party code into a trusted process. This issue affects: Bitdefender Endpoint Security for Mac versions prior to 4.12.80. Una vulnerabilidad de Autenticación Inapropiada en Bitdefender Endpoint Security para Mac, permite a un proceso no privilegiado reiniciar el servicio principal y potencialmente inyectar código de terceros a un proceso confiab... • https://www.bitdefender.com/support/security-advisories/insufficient-client-validation-bitdefender-endpoint-security-mac-va-8759 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-17099 – Untrusted Search Path vulnerability in EPSecurityService.exe (VA-3500)
https://notcve.org/view.php?id=CVE-2019-17099
27 Jan 2020 — An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163. Una vulnerabilidad de Ruta de Búsqueda No Confiable en el archivo EPSecurityService.exe como es usado en Bitdefender Endpoint Security Tools versiones anteriores a 6.6.11.163, permite a un atacante cargar un archivo D... • https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-epsecurityservice-exe-va-3500 • CWE-426: Untrusted Search Path •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2019-14242
https://notcve.org/view.php?id=CVE-2019-14242
30 Jul 2019 — An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. A local attacker with administrator privileges can create a malicious DLL file in %SystemRoot%\System32\ that will be executed with local user privileges. Se detectó un problema en los productos de Bitdefender para Windows ... • https://www.bitdefender.com/support/security-advisories/code-injection-bitdefender-products-windows • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.5EPSS: 56%CPEs: 36EXPL: 0CVE-2012-1443
https://notcve.org/view.php?id=CVE-2012-1443
21 Mar 2012 — The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky An... • http://osvdb.org/80454 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.2EPSS: 86%CPEs: 29EXPL: 0CVE-2012-1457
https://notcve.org/view.php?id=CVE-2012-1457
21 Mar 2012 — The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning E... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.2EPSS: 91%CPEs: 35EXPL: 0CVE-2012-1459
https://notcve.org/view.php?id=CVE-2012-1459
21 Mar 2012 — The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, ... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •