12 matches found
EUVD-2021-34057
Malicious code in bioql PyPI...
CVE-2022-3369
An Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an attacker to delete privileged registry keys by pointing a Registry symlink to a privileged key. This issue affects: Bitdefender Engines versions prior to 7.92659. It...
Input validation
Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools in relay role, GravityZone in Update Server role allows an attacker to cause a Denial-of-Service. This issue affects: Bitdefender Update Server versions prior to...
CVE-2021-4199 Incorrect Permission Assignment for Critical Resource vulnerability in BDReinit.exe (VA-10017)
Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issu...
Server side request forgery (ssrf)
A Server-Side Request Forgery SSRF vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to 3.3.8.272...
Server side request forgery (ssrf)
A Server-Side Request Forgery SSRF vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33...
Improper access control
Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions...
CVE-2021-3576 Privilege escalation via SeImpersonatePrivilege
Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client's security...
CVE-2021-3485
CVE-2021-3485 affects Bitdefender Endpoint Security Tools for Linux prior to 6.2.21.155. An Improper Input Validation in the Product Update feature allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. Remediation: update to...
CVE-2020-15279
An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320 allows a regular user to learn the scanning exclusion paths. This issue was discovered during external security research...
CVE-2019-17099
CVE-2019-17099 affects Bitdefender Endpoint Security Tools, specifically EPSecurityService.exe, in versions prior to 6.6.11.163. The issue is an Untrusted Search Path vulnerability that allows loading an arbitrary DLL from the search path. Evidence across sources confirms the vulnerable component...
CVE-2019-17099 Untrusted Search Path vulnerability in EPSecurityService.exe (VA-3500)
An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163...