CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3485 – Improper Input Validation in Bitdefender Endpoint Security Tools for Linux
https://notcve.org/view.php?id=CVE-2021-3485
An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.155. Una vulnerabilidad de comprobación inapropiada de entrada en la funcionalidad Product Update de Bitdefender Endpoint Security Tools para Linux, permite a un atacante man-in-the-middle abusar de la función DownloadFile de la actualización del producto para lograr una ejecución de código remota. Este problema afecta a: Bitdefender Endpoint Security Tools para Linux versiones anteriores a 6.2.21.155 • https://herolab.usd.de/security-advisories/usd-2021-0014 https://www.bitdefender.com/support/security-advisories/improper-input-validation-in-bitdefender-endpoint-security-tools-for-linux-va-9769 • CWE-494: Download of Code Without Integrity Check •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15279 – Scanning exclusion paths disclosure in BEST for Windows
https://notcve.org/view.php?id=CVE-2020-15279
An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320 allows a regular user to learn the scanning exclusion paths. This issue was discovered during external security research. Una vulnerabilidad de Control de Acceso inapropiado en el componente logging de Bitdefender Endpoint Security Tools para Windows versiones anteriores a 6.6.23.320, permite a un usuario habitual conocer las rutas de exclusión del análisis. Este problema fue detectado durante una investigación de seguridad externa • https://www.bitdefender.com/support/security-advisories/scanning-exclusion-paths-disclosure-in-best-for-windows-va-9380 • CWE-284: Improper Access Control •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-8097 – Improper authentication vulnerability in Bitdefender Endpoint Security Tools and Endpoint Security SDK (VA-8646)
https://notcve.org/view.php?id=CVE-2020-8097
An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. Bitdefender Endpoint Security SDK versions prior to 6.6.18.261. Una vulnerabilidad de autenticación inapropiada en Bitdefender Endpoint Security Tools para Windows y Bitdefender Endpoint Security SDK, permite a un atacante local no privilegiado escalar privilegios o alterar la configuración de seguridad del producto. • https://www.bitdefender.com/support/security-advisories/improper-authentication-vulnerability-bitdefender-endpoint-security-tools-endpoint-security-sdk-va-8646 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8108 – Insufficient client validation in Bitdefender Endpoint Security for Mac (VA-8759)
https://notcve.org/view.php?id=CVE-2020-8108
Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process to restart the main service and potentially inject third-party code into a trusted process. This issue affects: Bitdefender Endpoint Security for Mac versions prior to 4.12.80. Una vulnerabilidad de Autenticación Inapropiada en Bitdefender Endpoint Security para Mac, permite a un proceso no privilegiado reiniciar el servicio principal y potencialmente inyectar código de terceros a un proceso confiable. Este problema afecta a: Bitdefender Endpoint Security para Mac versiones anteriores a 4.12.80 • https://www.bitdefender.com/support/security-advisories/insufficient-client-validation-bitdefender-endpoint-security-mac-va-8759 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-17099 – Untrusted Search Path vulnerability in EPSecurityService.exe (VA-3500)
https://notcve.org/view.php?id=CVE-2019-17099
An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163. Una vulnerabilidad de Ruta de Búsqueda No Confiable en el archivo EPSecurityService.exe como es usado en Bitdefender Endpoint Security Tools versiones anteriores a 6.6.11.163, permite a un atacante cargar un archivo DLL arbitrario desde la ruta de búsqueda. Este problema afecta a: EPSecurityService.exe de Bitdefender versiones anteriores a 6.6.11.163. • https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-epsecurityservice-exe-va-3500 • CWE-426: Untrusted Search Path •