Total Security Security Vulnerabilities and Issues — Total Security CVE List

Gdata-softwareTotal Security

8 matches found

CVE•added 2018/07/13 5:0 p.m.•63 views

CVE-2018-10018

The CVE-2018-10018 entry concerns G DATA Total Security 25.4.0.3, where the GDASPAMLib.AntiSpam ActiveX control (ASK\GDASpam.dll) suffers a buffer overflow triggered by a long IsBlackListed argument. The issue affects the ActiveX component within the Total Security suite; impact is described as p...

8.8CVSS8.8AI score0.06271EPSS

CVE•added 2024/11/22 8:5 p.m.•54 views

CVE-2024-1868

CVE-2024-1868 affects G DATA Total Security, specifically the G DATA Backup Service . The root cause is a symbolic link abuse in the backup service that allows a local attacker to overwrite a file, enabling privilege escalation to SYSTEM after gaining low-privilege code execution. Impact describe...

7.8CVSS7.8AI score0.00401EPSS

CVE•added 2024/05/03 1:56 a.m.•52 views

CVE-2023-27347

CVE-2023-27347 affects G Data Total Security, specifically the Backup Service. The flaw allows local attackers who can execute low-privileged code to leverage a symbolic link in the Backup Service to create arbitrary files, enabling privilege escalation to the SYSTEM context. The vulnerability is...

7.8CVSS7.8AI score0.00396EPSS

CVE•added 2024/11/22 8:5 p.m.•51 views

CVE-2024-30377

CVE-2024-30377 affects G DATA Total Security. The vulnerability lies in the G DATA AntiVirus Scan Server: by abusing symbolic links, a local attacker can delete arbitrary files and escalate privileges to SYSTEM, potentially executing arbitrary code. Public documents cite ZDI as the advisory sourc...

7.8CVSS7.8AI score0.00401EPSS

CVE•added 2024/11/22 9:30 p.m.•50 views

CVE-2024-6871

CVE-2024-6871 affects G DATA Total Security. The flaw is in autostart task handling, caused by incorrect permissions on folders, allowing a local attacker who can run low-privileged code to escalate to SYSTEM and execute arbitrary code. The vulnerability is documented by ZDI-24-1486 and mirrored ...

7.8CVSS7.1AI score0.00224EPSS

CVE•added 2024/11/22 8:5 p.m.•47 views

CVE-2024-1867

CVE-2024-1867 affects G DATA Total Security, targeting the G DATA Backup Service. The vulnerability arises from the ability to create a symbolic link in the Backup Service, which can be abused to delete a file and escalate privileges to SYSTEM by exploiting local code execution with low privilege...

7.8CVSS7.8AI score0.00401EPSS

CVE•added 2019/03/13 2:0 p.m.•44 views

CVE-2019-9742

CVE-2019-9742 affects G Data Software Total Security prior to 2019-02-22, via the driver gdwfpcd.sys. The vulnerability stems from Interpreted Device Characteristics lacking FILE_DEVICE_SECURE_OPEN, allowing an attacker to bypass ACLs and access files/directories inside the \.\gdwfpcd device, ena...

7.5CVSS7.5AI score0.01377EPSS

CVE•added 2024/05/03 2:13 a.m.•44 views

CVE-2023-42126

CVE-2023-42126 affects G Data Total Security, specifically the GDBackupSvc service. The flaw allows a local attacker who can run low-privilege code to create a symbolic link that enables the service to write a file with a permissive DACL, enabling privilege escalation to SYSTEM and the execution ...

7.8CVSS7.8AI score0.00396EPSS