CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-4198 – messaging_ipc.dll NULL Pointer Dereference in multiple Bitdefender products (VA-10016)
https://notcve.org/view.php?id=CVE-2021-4198
A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. • https://www.bitdefender.com/support/security-advisories/messaging_ipc-dll-null-pointer-dereference-in-multiple-bitdefender-products-va-10016 https://www.zerodayinitiative.com/advisories/ZDI-22-483 • CWE-476: NULL Pointer Dereference •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2020-8107 – Process Control vulnerability in Bitdefender Antivirus Plus
https://notcve.org/view.php?id=CVE-2020-8107
A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. This issue affects: Bitdefender Antivirus Plus versions prior to 24.0.26.136. Bitdefender Internet Security versions prior to 24.0.26.136. Bitdefender Total Security versions prior to 24.0.26.136. Una vulnerabilidad de Control de Procesos en ProductAgentUI.exe usado en Bitdefender Antivirus Plus permite a un atacante manipular la configuración del producto por medio de un archivo DLL especialmente diseñado. • https://www.bitdefender.com/support/security-advisories/process-control-vulnerability-bitdefender-antivirus-plus-va-8709 • CWE-114: Process Control •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3960 – Privilege Escalation via the GravityZone productManager UpdateServer.KitsManager API (VA-10146)
https://notcve.org/view.php?id=CVE-2021-3960
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272 Una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta a un Directorio Restringido ("Salto de Ruta") en el componente UpdateServer de Bitdefender GravityZone permite a un atacante ejecutar código arbitrario en instancias vulnerables. Este problema afecta a Bitdefender GravityZone versiones anteriores a 3.3.8.272 • https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-the-gravityzone-productmanager-updateserver-kitsmanager-api-va-10146 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3959 – Server-Side Request Forgery in Bitdefender GravityZone Update Server in Relay Mode (VA-10145)
https://notcve.org/view.php?id=CVE-2021-3959
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to 3.3.8.272 Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en el componente EPPUpdateService de Bitdefender Endpoint Security Tools permite a un atacante enviar peticiones al servidor de retransmisión. Este problema afecta a: Bitdefender GravityZone versiones anteriores a 3.3.8.272 • https://www.bitdefender.com/support/security-advisories/server-side-request-forgery-in-bitdefender-gravityzone-update-server-in-relay-mode-va-10145 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3553 – Server-Side Request Forgery in EPPUpdateService remote config file (VA-9825)
https://notcve.org/view.php?id=CVE-2021-3553
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint for Linux versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1. Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en EPPUpdateService de Bitdefender Endpoint Security Tools permite a un atacante usar el relé de Endpoint Protection como proxy para cualquier host remoto. • https://www.bitdefender.com/support/security-advisories/server-side-request-forgery-eppupdateservice-remote-config-file-va-9825 https://www.bitdefender.com/support/security-advisories/server-side-request-forgery-in-eppupdateservice-remote-config-file-va-9825 • CWE-918: Server-Side Request Forgery (SSRF) •