CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-0357 – Improper Quoting Path Issue in Bitdefender Total Security
https://notcve.org/view.php?id=CVE-2022-0357
24 May 2023 — Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdef... • https://www.bitdefender.com/support/security-advisories/improper-quoting-path-issue-in-bitdefender-total-security • CWE-428: Unquoted Search Path or Element •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3369 – Improper handling of registry symbolic links in Bitdefender Engines
https://notcve.org/view.php?id=CVE-2022-3369
01 Nov 2022 — An Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an attacker to delete privileged registry keys by pointing a Registry symlink to a privileged key. This issue affects: Bitdefender Engines versions prior to 7.92659. It also affects Bitdefender Antivirus Free, Bitdefender Antivirus Plus, Bitdefender Internet Security, Bitdefender Total Security, as well as Bitdefender Endpoint Security Tools for Windows with engine versions prior t... • https://www.bitdefender.com/support/security-advisories/improper-handling-of-registry-symbolic-links-in-bitdefender-engines-va-10562 • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2830 – Deserialization of Untrusted Data in GravityZone Console On-Premise (VA-10573)
https://notcve.org/view.php?id=CVE-2022-2830
05 Sep 2022 — Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. This issue affects: Bitdefender GravityZone Console On-Premise versions prior to 6.29.2-1. Bitdefender GravityZone Cloud Console versions prior to 6.27.2-2. Una vulnerabilidad de Deserialización de Datos No Confiables en el componente de procesamiento de mensajes de Bitdefender GravityZone Console permite a un atacante pasar com... • https://www.bitdefender.com/support/security-advisories/deserialization-of-untrusted-data-in-gravityzone-console-va-10573 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-0677 – Improper Handling of Length Parameter Inconsistency vulnerability in Bitdefender Update Server (VA-10144)
https://notcve.org/view.php?id=CVE-2022-0677
07 Apr 2022 — Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service. This issue affects: Bitdefender Update Server versions prior to 3.4.0.276. Bitdefender GravityZone versions prior to 26.4-1. Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.171. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.1.1... • https://www.bitdefender.com/support/security-advisories/improper-handling-of-length-parameter-inconsistency-vulnerability-in-bitdefender-update-server-va-10144 • CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-4199 – Incorrect Permission Assignment for Critical Resource vulnerability in BDReinit.exe (VA-10017)
https://notcve.org/view.php?id=CVE-2021-4199
07 Mar 2022 — Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. Bitdefender Endpoint Security ... • https://www.bitdefender.com/support/security-advisories/incorrect-permission-assignment-for-critical-resource-vulnerability-in-bdreinit-exe-va-10017 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-4198 – messaging_ipc.dll NULL Pointer Dereference in multiple Bitdefender products (VA-10016)
https://notcve.org/view.php?id=CVE-2021-4198
07 Mar 2022 — A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools version... • https://www.bitdefender.com/support/security-advisories/messaging_ipc-dll-null-pointer-dereference-in-multiple-bitdefender-products-va-10016 • CWE-476: NULL Pointer Dereference •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2020-8107 – Process Control vulnerability in Bitdefender Antivirus Plus
https://notcve.org/view.php?id=CVE-2020-8107
18 Feb 2022 — A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. This issue affects: Bitdefender Antivirus Plus versions prior to 24.0.26.136. Bitdefender Internet Security versions prior to 24.0.26.136. Bitdefender Total Security versions prior to 24.0.26.136. Una vulnerabilidad de Control de Procesos en ProductAgentUI.exe usado en Bitdefender Antivirus Plus permite a un atacante manipular la con... • https://www.bitdefender.com/support/security-advisories/process-control-vulnerability-bitdefender-antivirus-plus-va-8709 • CWE-114: Process Control •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3960 – Privilege Escalation via the GravityZone productManager UpdateServer.KitsManager API (VA-10146)
https://notcve.org/view.php?id=CVE-2021-3960
16 Dec 2021 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272 Una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta a un Directorio Restringido ("Salto de Ruta") en el componente UpdateServer de Bitdefender GravityZone permite a un atacante ejecutar código arbitrario en ... • https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-the-gravityzone-productmanager-updateserver-kitsmanager-api-va-10146 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3959 – Server-Side Request Forgery in Bitdefender GravityZone Update Server in Relay Mode (VA-10145)
https://notcve.org/view.php?id=CVE-2021-3959
16 Dec 2021 — A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to 3.3.8.272 Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en el componente EPPUpdateService de Bitdefender Endpoint Security Tools permite a un atacante enviar peticiones al servidor de retransmisión. Este problema afecta a: Bitdefender Gravi... • https://www.bitdefender.com/support/security-advisories/server-side-request-forgery-in-bitdefender-gravityzone-update-server-in-relay-mode-va-10145 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3553 – Server-Side Request Forgery in EPPUpdateService remote config file (VA-9825)
https://notcve.org/view.php?id=CVE-2021-3553
24 Nov 2021 — A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint for Linux versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1. Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en EPPUpdateS... • https://www.bitdefender.com/support/security-advisories/server-side-request-forgery-eppupdateservice-remote-config-file-va-9825 • CWE-918: Server-Side Request Forgery (SSRF) •