CVE-2021-4198 – messaging_ipc.dll NULL Pointer Dereference in multiple Bitdefender products (VA-10016)
https://notcve.org/view.php?id=CVE-2021-4198
A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. • https://www.bitdefender.com/support/security-advisories/messaging_ipc-dll-null-pointer-dereference-in-multiple-bitdefender-products-va-10016 https://www.zerodayinitiative.com/advisories/ZDI-22-483 • CWE-476: NULL Pointer Dereference •
CVE-2020-8107 – Process Control vulnerability in Bitdefender Antivirus Plus
https://notcve.org/view.php?id=CVE-2020-8107
A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. This issue affects: Bitdefender Antivirus Plus versions prior to 24.0.26.136. Bitdefender Internet Security versions prior to 24.0.26.136. Bitdefender Total Security versions prior to 24.0.26.136. Una vulnerabilidad de Control de Procesos en ProductAgentUI.exe usado en Bitdefender Antivirus Plus permite a un atacante manipular la configuración del producto por medio de un archivo DLL especialmente diseñado. • https://www.bitdefender.com/support/security-advisories/process-control-vulnerability-bitdefender-antivirus-plus-va-8709 • CWE-114: Process Control •
CVE-2021-43772
https://notcve.org/view.php?id=CVE-2021-43772
Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the protected folder to be modified without any detection. Trend Micro Security 2021 versión v17.0 (Consumer), contiene una vulnerabilidad que permite modificar los archivos dentro de la carpeta protegida sin ninguna detección • https://helpcenter.trendmicro.com/en-us/article/tmka-10855 • CWE-552: Files or Directories Accessible to External Parties •
CVE-2020-15732
https://notcve.org/view.php?id=CVE-2020-15732
Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29. Una vulnerabilidad de Comprobación Inapropiada de Certificados en el módulo Online Threat Prevention tal y como es usado en Bitdefender Total Security, permite a un atacante omitir potencialmente las comprobaciones de HTTP Strict Transport Security (HSTS). • https://www.bitdefender.com/support/security-advisories/improper-certificate-validation-bitdefender-total-security-va-8957 • CWE-295: Improper Certificate Validation •
CVE-2021-26718
https://notcve.org/view.php?id=CVE-2021-26718
KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection. KIS para macOS en algunos casos de uso era vulnerable a la omisión de AV que potencialmente permitía a un atacante deshabilitar la protección antivirus. • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310321 • CWE-863: Incorrect Authorization •