CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2019-20000
https://notcve.org/view.php?id=CVE-2019-20000
The malware scan function in BullGuard Premium Protection 20.0.371.8 has a TOCTOU issue that enables a symbolic link attack, allowing privileged files to be deleted. La función de escaneo de malware en BullGuard Premium Protection versión 20.0.371.8, presenta un problema TOCTOU lo que hace posible un ataque de enlace simbólico, permitiendo que archivos privilegiados sean eliminados. • https://github.com/NtRaiseHardError/Antimalware-Research/blob/master/BullGuard/Privileged%20File%20Delete/v20.0.371.8/README.md • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 4CVE-2014-9642 – BullGuard (Multiple Products) - Arbitrary Write Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-9642
bdagent.sys in BullGuard Antivirus, Internet Security, Premium Protection, and Online Backup before 15.0.288 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x0022405c IOCTL call. bdagent.sys en BullGuard Antivirus, Internet Security, Premium Protection, y Online Backup anterior a 15.0.288 permite a usuarios locales escribir datos a localizaciones de memoria arbitrarias, y como consecuencia ganar privilegios, a través de una llamada IOCTL 0x0022405c manipulada. Multiple products from BullGuard suffer from an arbitrary write privilege escalation vulnerability. • https://www.exploit-db.com/exploits/35994 http://packetstormsecurity.com/files/130247/BullGuard-14.1.285.4-Privilege-Escalation.html http://www.bullguard.com/about/release-notes.aspx http://www.exploit-db.com/exploits/35994 http://www.greyhathacker.net/?p=818 http://www.osvdb.org/114478 • CWE-264: Permissions, Privileges, and Access Controls •