13 matches found
CVE-2021-4198
CVE-2021-4198 is a NULL pointer dereference in Bitdefender’s messaging_ipc.dll affecting multiple Bitdefender products. Affected versions include Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, and VPN Standalone, with vulnerable build dates prior to 26.0.3.29 (and End...
CVE-2022-0677
CVE-2022-0677 is an instance of an improper handling of length parameter inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay) and GravityZone (in Update Server). The issue allows a remote attacker to cause a Denial-of-Service. Affected produ...
CVE-2021-4199
CVE-2021-4199 is a local privilege-escalation flaw in Bitdefender products where BDReinit.exe’s crash-handling component suffers incorrect permission assignment for a critical resource, enabling a local attacker to escalate to SYSTEM. Affected are Bitdefender Total Security, Internet Security, An...
CVE-2021-3485
CVE-2021-3485 affects Bitdefender Endpoint Security Tools for Linux prior to 6.2.21.155. An Improper Input Validation in the Product Update feature allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. Remediation: update to...
CVE-2021-3579
CVE-2021-3579 affects Bitdefender Endpoint Security Tools for Windows and Bitdefender Total Security prior to 7.2.1.65. The issue is an Incorrect Default Permissions in the bdservicehost.exe and Vulnerability.Scan.exe components, enabling a local attacker to escalate privileges to NT AUTHORITY\SY...
CVE-2021-3576
CVE-2021-3576 is a local privilege-escalation vulnerability in Bitdefender products (Endpoint Security Tools and Total Security). The root cause is an impersonation flaw where an untrusted process can impersonate the client of a pipe, enabling a local attacker to elevate to NT AUTHORITY\System. A...
CVE-2019-17099
CVE-2019-17099 affects Bitdefender Endpoint Security Tools, specifically EPSecurityService.exe, in versions prior to 6.6.11.163. The issue is an Untrusted Search Path vulnerability that allows loading an arbitrary DLL from the search path. Evidence across sources confirms the vulnerable component...
CVE-2021-3554
CVE-2021-3554 describes an improper access control in the patchesUpdate API of Bitdefender Endpoint Security Tools for Linux, where a relay role can be abused to manipulate the remote address used to pull patches. Affected are Bitdefender Endpoint Security Tools for Linux versions before 6.6.27.3...
CVE-2020-15279
CVE-2020-15279 affects Bitdefender Endpoint Security Tools for Windows prior to 6.6.23.320. The issue is an improper access control in the logging component that allows a regular user to learn the scanning exclusion paths, enabling disclosure of sensitive configuration details. The vulnerability ...
CVE-2021-3553
Bitdefender CVE-2021-3553: SSRF in the EPPUpdateService allows using Endpoint Protection Relay as a proxy. Affected products/versions include Bitdefender Endpoint Security Tools before 6.6.27.390 and before 7.1.2.33, Bitdefender Unified Endpoint for Linux before 6.2.21.160, and Bitdefender Gravit...
CVE-2020-8097
CVE-2020-8097 affects Bitdefender Endpoint Security Tools for Windows (pre-6.6.18.261) and Bitdefender Endpoint Security SDK (pre-6.6.18.261). The root cause is improper authentication allowing a local, unprivileged attacker to escalate privileges or tamper with security settings. CVSS data shows...
CVE-2021-3552
CVE-2021-3552 affects Bitdefender Endpoint Security Tools (EPPUpdateService component). The issue is a Server-Side Request Forgery (SSRF) that lets an attacker proxy requests to the relay server. Affected versions are Bitdefender Endpoint Security Tools prior to 6.6.27.390 and prior to 7.1.2.33; ...
CVE-2025-7073
CVE-2025-7073 affects Bitdefender Total Security 27.0.46.231. The local privilege escalation stems from bdservicehost.exe deleting files in a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic-link validation. The issue is described as being chained with a file copy ope...