NotCVE - vendor:"BItdefender"

Page 4 of 101 results (0.006 seconds)

CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0

CVE-2021-3554 – Improper Access Control vulnerability in the patchesUpdate API

https://notcve.org/view.php?id=CVE-2021-3554

24 Nov 2021 — Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1. Una vulnerabilidad de control de acceso inadecuado en la... • https://www.bitdefender.com/support/security-advisories/improper-access-control-vulnerability-patchesupdate-api-va-9825 • CWE-284: Improper Access Control •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2021-3552 – Insufficient validation on regular expression in EPPUpdateService config file (VA-9825)

https://notcve.org/view.php?id=CVE-2021-3552

24 Nov 2021 — A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender GravityZone 6.24.1-1. Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en el componente EPPUpdateService de Bitdefender Endpoint Security Tools permite a un atacante enviar peticiones al serv... • https://www.bitdefender.com/support/security-advisories/insufficient-validation-regular-expression-eppupdateservice-config-file-va-9825 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-3641 – Improper Link Resolution Before File Access in Bitdefender GravityZone (VA-9921)

https://notcve.org/view.php?id=CVE-2021-3641

09 Nov 2021 — Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service. This issue affects: Bitdefender GravityZone version 7.1.2.33 and prior versions. Una vulnerabilidad de Resolución de Enlaces Inapropiada versiones anteriores al Acceso a Archivos ("Link Following") en el componente EPAG de Bitdefender Endpoint Security Tools for Windows permite a un atacante local causar un... • https://www.bitdefender.com/support/security-advisories/improper-link-resolution-before-file-access-in-bitdefender-gravityzone-va-9921 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-3823 – Path traversal vulnerability in Bitdefender GravitZone Update Server in relay mode

https://notcve.org/view.php?id=CVE-2021-3823

28 Oct 2021 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects: Bitdefender GravityZone versions prior to 3.3.8.249. Una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta a un Directorio Restringido ("Salto de Ruta") en el componente UpdateServer de Bitdefender GravityZone permite a un atacante ejecutar código arbitrario e... • https://www.bitdefender.com/support/security-advisories/path-traversal-vulnerability-in-bitdefender-gravitzone-update-server-in-relay-mode-va-10039 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-3576 – Privilege escalation via SeImpersonatePrivilege

https://notcve.org/view.php?id=CVE-2021-3576

28 Oct 2021 — Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client's security context. This issue affects: Bitdefender Endpoint Security Tools versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 25.0.26. Una vulnerabilidad de Ejecución con Privilegios Innecesarios en Bitd... • https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-seimpersonateprivilege-in-bitdefender-endpoint-security-tools-va-9848 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-3579 – Incorrect Default Permissions vulnerability in bdservicehost.exe and Vulnerability.Scan.exe

https://notcve.org/view.php?id=CVE-2021-3579

28 Oct 2021 — Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 7.2.1.65. Una vulnerabilidad de Permisos Predeterminados Incorrectos en los componentes bdservicehost.exe y Vulnerabilit... • https://www.bitdefender.com/support/security-advisories/incorrect-default-permissions-vulnerability-in-bdservicehost-exe-and-vulnerability-scan-exe-va-9848 • CWE-276: Incorrect Default Permissions •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-15732

https://notcve.org/view.php?id=CVE-2020-15732

22 Jun 2021 — Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29. Una vulnerabilidad de Comprobación Inapropiada de Certificados en el módulo Online Threat Prevention tal y como... • https://www.bitdefender.com/support/security-advisories/improper-certificate-validation-bitdefender-total-security-va-8957 • CWE-295: Improper Certificate Validation •

CVSS: 6.6EPSS: 1%CPEs: 1EXPL: 1

CVE-2021-3485 – Improper Input Validation in Bitdefender Endpoint Security Tools for Linux

https://notcve.org/view.php?id=CVE-2021-3485

24 May 2021 — An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.155. Una vulnerabilidad de comprobación inapropiada de entrada en la funcionalidad Product Update de Bitdefender Endpoint Security Tools para Linux, permite a un atacante m... • https://herolab.usd.de/security-advisories/usd-2021-0014 • CWE-494: Download of Code Without Integrity Check •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-15279 – Scanning exclusion paths disclosure in BEST for Windows

https://notcve.org/view.php?id=CVE-2020-15279

18 May 2021 — An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320 allows a regular user to learn the scanning exclusion paths. This issue was discovered during external security research. Una vulnerabilidad de Control de Acceso inapropiado en el componente logging de Bitdefender Endpoint Security Tools para Windows versiones anteriores a 6.6.23.320, permite a un usuario habitual conocer las rutas de exclusión del análisis. ... • https://www.bitdefender.com/support/security-advisories/scanning-exclusion-paths-disclosure-in-best-for-windows-va-9380 • CWE-284: Improper Access Control •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-3423 – Privilege escalation in Bitdefender GravityZone Business Security

https://notcve.org/view.php?id=CVE-2021-3423

18 May 2021 — Uncontrolled Search Path Element vulnerability in the openssl component as used in Bitdefender GravityZone Business Security allows an attacker to load a third party DLL to elevate privileges. This issue affects Bitdefender GravityZone Business Security versions prior to 6.6.23.329. Una vulnerabilidad del elemento de ruta de búsqueda no controlada en el componente openssl como es usado en Bitdefender GravityZone Business Security, permite a un atacante cargar una DLL de terceros para escalar privilegios.&#x... • https://www.bitdefender.com/support/security-advisories/privilege-escalation-in-bitdefender-gravityzone-business-security-va-9557 • CWE-427: Uncontrolled Search Path Element •

1 2 3 4 5