CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3576 – Privilege escalation via SeImpersonatePrivilege
https://notcve.org/view.php?id=CVE-2021-3576
28 Oct 2021 — Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client's security context. This issue affects: Bitdefender Endpoint Security Tools versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 25.0.26. Una vulnerabilidad de Ejecución con Privilegios Innecesarios en Bitd... • https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-seimpersonateprivilege-in-bitdefender-endpoint-security-tools-va-9848 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-15732
https://notcve.org/view.php?id=CVE-2020-15732
22 Jun 2021 — Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29. Una vulnerabilidad de Comprobación Inapropiada de Certificados en el módulo Online Threat Prevention tal y como... • https://www.bitdefender.com/support/security-advisories/improper-certificate-validation-bitdefender-total-security-va-8957 • CWE-295: Improper Certificate Validation •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 1CVE-2020-27587
https://notcve.org/view.php?id=CVE-2020-27587
30 Nov 2020 — Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access to files in the File Vault via a brute-force attack on the password. Quick Heal Total Security versiones anteriores a 19.0, permite a atacantes con derechos de administrador local obtener acceso a los archivos en el File Vault mediante un ataque de fuerza bruta sobre la contraseña • https://cyberworldmirror.com/quick-heal-addressed-multiple-vulnerabilities-in-version-19-update-now • CWE-521: Weak Password Requirements •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2020-27586
https://notcve.org/view.php?id=CVE-2020-27586
30 Nov 2020 — Quick Heal Total Security before version 19.0 transmits quarantine and sysinfo files via clear text. Quick Heal Total Security anterior a versión 19.0, transmite archivos de cuarentena y de sysinfo por medio de texto sin cifrar • https://cyberworldmirror.com/quick-heal-addressed-multiple-vulnerabilities-in-version-19-update-now • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-27585
https://notcve.org/view.php?id=CVE-2020-27585
30 Nov 2020 — Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive anti virus settings via a brute-attack on the settings password. Quick Heal Total Security versiones anteriores a 19.0, permite a atacantes con derechos de administrador local modificar la configuración confidencial del antivirus mediante un ataque de fuerza bruta sobre la contraseña de configuración • https://cyberworldmirror.com/quick-heal-addressed-multiple-vulnerabilities-in-version-19-update-now • CWE-521: Weak Password Requirements •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15687
https://notcve.org/view.php?id=CVE-2019-15687
26 Nov 2019 — Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component was vulnerable to remote disclosure of various information about the user's system (like Windows version and version of the product, host unique ID). Information Disclosure. Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security... • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1 •
CVSS: 5.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15686
https://notcve.org/view.php?id=CVE-2019-15686
26 Nov 2019 — Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable various anti-virus protection features. DoS, Bypass. Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud hasta el 2020, el componente web protection permitió a un... • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1 •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15685
https://notcve.org/view.php?id=CVE-2019-15685
26 Nov 2019 — Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable such product's security features as private browsing and anti-banner. Bypass. Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud hasta el 2020, el componente web... • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1 •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15688
https://notcve.org/view.php?id=CVE-2019-15688
26 Nov 2019 — Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass. Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud hasta el 2020, el componente web protection no inf... • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2019-14242
https://notcve.org/view.php?id=CVE-2019-14242
30 Jul 2019 — An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. A local attacker with administrator privileges can create a malicious DLL file in %SystemRoot%\System32\ that will be executed with local user privileges. Se detectó un problema en los productos de Bitdefender para Windows ... • https://www.bitdefender.com/support/security-advisories/code-injection-bitdefender-products-windows • CWE-427: Uncontrolled Search Path Element •