CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3576 – Privilege escalation via SeImpersonatePrivilege
https://notcve.org/view.php?id=CVE-2021-3576
Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client's security context. This issue affects: Bitdefender Endpoint Security Tools versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 25.0.26. Una vulnerabilidad de Ejecución con Privilegios Innecesarios en Bitdefender Endpoint Security Tools, Total Security permite a un atacante local elevarse a "NT AUTHORITY\System". • https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-seimpersonateprivilege-in-bitdefender-endpoint-security-tools-va-9848 https://www.zerodayinitiative.com/advisories/ZDI-21-1276 https://www.zerodayinitiative.com/advisories/ZDI-21-1376 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-15732
https://notcve.org/view.php?id=CVE-2020-15732
Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29. Una vulnerabilidad de Comprobación Inapropiada de Certificados en el módulo Online Threat Prevention tal y como es usado en Bitdefender Total Security, permite a un atacante omitir potencialmente las comprobaciones de HTTP Strict Transport Security (HSTS). • https://www.bitdefender.com/support/security-advisories/improper-certificate-validation-bitdefender-total-security-va-8957 • CWE-295: Improper Certificate Validation •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 1CVE-2020-27587
https://notcve.org/view.php?id=CVE-2020-27587
Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access to files in the File Vault via a brute-force attack on the password. Quick Heal Total Security versiones anteriores a 19.0, permite a atacantes con derechos de administrador local obtener acceso a los archivos en el File Vault mediante un ataque de fuerza bruta sobre la contraseña • https://cyberworldmirror.com/quick-heal-addressed-multiple-vulnerabilities-in-version-19-update-now • CWE-521: Weak Password Requirements •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2020-27586
https://notcve.org/view.php?id=CVE-2020-27586
Quick Heal Total Security before version 19.0 transmits quarantine and sysinfo files via clear text. Quick Heal Total Security anterior a versión 19.0, transmite archivos de cuarentena y de sysinfo por medio de texto sin cifrar • https://cyberworldmirror.com/quick-heal-addressed-multiple-vulnerabilities-in-version-19-update-now • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-27585
https://notcve.org/view.php?id=CVE-2020-27585
Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive anti virus settings via a brute-attack on the settings password. Quick Heal Total Security versiones anteriores a 19.0, permite a atacantes con derechos de administrador local modificar la configuración confidencial del antivirus mediante un ataque de fuerza bruta sobre la contraseña de configuración • https://cyberworldmirror.com/quick-heal-addressed-multiple-vulnerabilities-in-version-19-update-now • CWE-521: Weak Password Requirements •