Lucene search
K
BitdefenderEndpoint Security Tools

13 matches found

CVE
CVE
added 2022/03/07 11:30 a.m.116 views

CVE-2021-4198

CVE-2021-4198 is a NULL pointer dereference in Bitdefender’s messaging_ipc.dll affecting multiple Bitdefender products. Affected versions include Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, and VPN Standalone, with vulnerable build dates prior to 26.0.3.29 (and End...

6.1CVSS6.1AI score0.00557EPSS
CVE
CVE
added 2022/04/07 6:21 p.m.98 views

CVE-2022-0677

CVE-2022-0677 is an instance of an improper handling of length parameter inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay) and GravityZone (in Update Server). The issue allows a remote attacker to cause a Denial-of-Service. Affected produ...

7.5CVSS7.4AI score0.01229EPSS
CVE
CVE
added 2022/03/07 11:35 a.m.92 views

CVE-2021-4199

CVE-2021-4199 is a local privilege-escalation flaw in Bitdefender products where BDReinit.exe’s crash-handling component suffers incorrect permission assignment for a critical resource, enabling a local attacker to escalate to SYSTEM. Affected are Bitdefender Total Security, Internet Security, An...

7.8CVSS7.7AI score0.00758EPSS
CVE
CVE
added 2021/05/24 1:30 p.m.65 views

CVE-2021-3485

CVE-2021-3485 affects Bitdefender Endpoint Security Tools for Linux prior to 6.2.21.155. An Improper Input Validation in the Product Update feature allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. Remediation: update to...

6.6CVSS6.9AI score0.0088EPSS
CVE
CVE
added 2021/10/28 1:50 p.m.62 views

CVE-2021-3579

CVE-2021-3579 affects Bitdefender Endpoint Security Tools for Windows and Bitdefender Total Security prior to 7.2.1.65. The issue is an Incorrect Default Permissions in the bdservicehost.exe and Vulnerability.Scan.exe components, enabling a local attacker to escalate privileges to NT AUTHORITY\SY...

7.8CVSS7.4AI score0.00708EPSS
CVE
CVE
added 2021/10/28 1:50 p.m.59 views

CVE-2021-3576

CVE-2021-3576 is a local privilege-escalation vulnerability in Bitdefender products (Endpoint Security Tools and Total Security). The root cause is an impersonation flaw where an untrusted process can impersonate the client of a pipe, enabling a local attacker to elevate to NT AUTHORITY\System. A...

7.8CVSS7.4AI score0.00942EPSS
CVE
CVE
added 2020/01/27 5:23 p.m.56 views

CVE-2019-17099

CVE-2019-17099 affects Bitdefender Endpoint Security Tools, specifically EPSecurityService.exe, in versions prior to 6.6.11.163. The issue is an Untrusted Search Path vulnerability that allows loading an arbitrary DLL from the search path. Evidence across sources confirms the vulnerable component...

7.8CVSS6.2AI score0.00652EPSS
CVE
CVE
added 2021/11/24 2:45 p.m.50 views

CVE-2021-3554

CVE-2021-3554 describes an improper access control in the patchesUpdate API of Bitdefender Endpoint Security Tools for Linux, where a relay role can be abused to manipulate the remote address used to pull patches. Affected are Bitdefender Endpoint Security Tools for Linux versions before 6.6.27.3...

10CVSS9.2AI score0.02682EPSS
CVE
CVE
added 2021/05/18 11:0 a.m.49 views

CVE-2020-15279

CVE-2020-15279 affects Bitdefender Endpoint Security Tools for Windows prior to 6.6.23.320. The issue is an improper access control in the logging component that allows a regular user to learn the scanning exclusion paths, enabling disclosure of sensitive configuration details. The vulnerability ...

4CVSS3.9AI score0.00474EPSS
CVE
CVE
added 2021/11/24 2:45 p.m.47 views

CVE-2021-3553

Bitdefender CVE-2021-3553: SSRF in the EPPUpdateService allows using Endpoint Protection Relay as a proxy. Affected products/versions include Bitdefender Endpoint Security Tools before 6.6.27.390 and before 7.1.2.33, Bitdefender Unified Endpoint for Linux before 6.2.21.160, and Bitdefender Gravit...

7.5CVSS6.2AI score0.0128EPSS
CVE
CVE
added 2020/08/30 8:35 p.m.46 views

CVE-2020-8097

CVE-2020-8097 affects Bitdefender Endpoint Security Tools for Windows (pre-6.6.18.261) and Bitdefender Endpoint Security SDK (pre-6.6.18.261). The root cause is improper authentication allowing a local, unprivileged attacker to escalate privileges or tamper with security settings. CVSS data shows...

8.1CVSS8AI score0.004EPSS
CVE
CVE
added 2021/11/24 2:40 p.m.44 views

CVE-2021-3552

CVE-2021-3552 affects Bitdefender Endpoint Security Tools (EPPUpdateService component). The issue is a Server-Side Request Forgery (SSRF) that lets an attacker proxy requests to the relay server. Affected versions are Bitdefender Endpoint Security Tools prior to 6.6.27.390 and prior to 7.1.2.33; ...

7.5CVSS6.2AI score0.01367EPSS
CVE
CVE
added 2025/12/10 9:46 a.m.18 views

CVE-2025-7073

CVE-2025-7073 affects Bitdefender Total Security 27.0.46.231. The local privilege escalation stems from bdservicehost.exe deleting files in a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic-link validation. The issue is described as being chained with a file copy ope...

8.8CVSS6.4AI score0.00145EPSS