NotCVE - vendor:"Bitdefender" product:"Total Security"

Page 2 of 23 results (0.004 seconds)

CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-8107 – Process Control vulnerability in Bitdefender Antivirus Plus

https://notcve.org/view.php?id=CVE-2020-8107

18 Feb 2022 — A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. This issue affects: Bitdefender Antivirus Plus versions prior to 24.0.26.136. Bitdefender Internet Security versions prior to 24.0.26.136. Bitdefender Total Security versions prior to 24.0.26.136. Una vulnerabilidad de Control de Procesos en ProductAgentUI.exe usado en Bitdefender Antivirus Plus permite a un atacante manipular la con... • https://www.bitdefender.com/support/security-advisories/process-control-vulnerability-bitdefender-antivirus-plus-va-8709 • CWE-114: Process Control •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-3576 – Privilege escalation via SeImpersonatePrivilege

https://notcve.org/view.php?id=CVE-2021-3576

28 Oct 2021 — Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client's security context. This issue affects: Bitdefender Endpoint Security Tools versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 25.0.26. Una vulnerabilidad de Ejecución con Privilegios Innecesarios en Bitd... • https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-seimpersonateprivilege-in-bitdefender-endpoint-security-tools-va-9848 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-3579 – Incorrect Default Permissions vulnerability in bdservicehost.exe and Vulnerability.Scan.exe

https://notcve.org/view.php?id=CVE-2021-3579

28 Oct 2021 — Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 7.2.1.65. Una vulnerabilidad de Permisos Predeterminados Incorrectos en los componentes bdservicehost.exe y Vulnerabilit... • https://www.bitdefender.com/support/security-advisories/incorrect-default-permissions-vulnerability-in-bdservicehost-exe-and-vulnerability-scan-exe-va-9848 • CWE-276: Incorrect Default Permissions •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-15732

https://notcve.org/view.php?id=CVE-2020-15732

22 Jun 2021 — Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29. Una vulnerabilidad de Comprobación Inapropiada de Certificados en el módulo Online Threat Prevention tal y como... • https://www.bitdefender.com/support/security-advisories/improper-certificate-validation-bitdefender-total-security-va-8957 • CWE-295: Improper Certificate Validation •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0

CVE-2020-8102 – Insufficient URL sanitization and validation in Safepay Browser (VA-8631)

https://notcve.org/view.php?id=CVE-2020-8102

22 Jun 2020 — Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process. This issue affects Bitdefender Total Security 2020 versions prior to 24.0.20.116. Una Vulnerabilidad de Comprobación de Entrada Inapropiada en el componente navegador Safepay de Bitdefender Total Security 2020, permite a una página web externa especialmente diseñada ejecutar comandos remotos dentr... • https://www.bitdefender.com/support/security-advisories/insufficient-url-sanitization-validation-safepay-browser-va-8631 • CWE-20: Improper Input Validation •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-8095 – Bitdefender Total Security Link Resolution Denial-of-Service Vulnerability

https://notcve.org/view.php?id=CVE-2020-8095

30 Jan 2020 — A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device. Una vulnerabilidad en el manejo inapropiado de uniones antes de la eliminación en Bitdefender Total Security 2020, puede permitir a un atacante desencadenar una denegación de servicio en el dispositivo afectado. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of BitD... • https://www.bitdefender.com/support/security-advisories/bitdefender-total-security-link-resolution-denial-service-vulnerability-va-4021 • CWE-20: Improper Input Validation CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-17100 – Untrusted Search Path vulnerability in Bitdefender Total Security 2020 (VA-5895)

https://notcve.org/view.php?id=CVE-2019-17100

27 Jan 2020 — An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69. Una vulnerabilidad de Ruta de Búsqueda No Confiable en el archivo bdserviceshost.exe como es usado en Bitdefender Total Security 2020, permite a un atacante ejecutar código arbitrario. Este problema no afecta: Bitdefender Total Security versiones anteriores a 24.0.12.69. • https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-bitdefender-total-security-2020-va-5895 • CWE-426: Untrusted Search Path •

CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0

CVE-2019-14242

https://notcve.org/view.php?id=CVE-2019-14242

30 Jul 2019 — An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. A local attacker with administrator privileges can create a malicious DLL file in %SystemRoot%\System32\ that will be executed with local user privileges. Se detectó un problema en los productos de Bitdefender para Windows ... • https://www.bitdefender.com/support/security-advisories/code-injection-bitdefender-products-windows • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-6183 – BitDefender Total Security 2018 Insecure Pipe Permissions

https://notcve.org/view.php?id=CVE-2018-6183

08 Mar 2018 — BitDefender Total Security 2018 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of an "insecurely created named pipe". Ensures full access to Everyone users group. BitDefender Total Security 2018 permite que usuarios locales obtengan privilegios o provoquen una denegación de servicio (DoS) suplantando todas las tuberías mediante el uso de una "tubería nombrada creada de forma no segura". Garantiza el acceso total al grupo de usuarios Everyone. ... • http://seclists.org/fulldisclosure/2018/Mar/24 •

CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-10950 – Bitdefender Total Security bdfwfpf Kernel Driver Double Free Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2017-10950

17 Aug 2017 — This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security 21.0.24.62. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within processing of the 0x8000E038 IOCTL in the bdfwfpf driver. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker could leverage this... • http://www.securityfocus.com/bid/100418 • CWE-415: Double Free •

1 2 3