Vulnerabilities > Bitdefender

DATE CVE VULNERABILITY TITLE RISK
2022-11-01 CVE-2022-3369 Improper Privilege Management vulnerability in Bitdefender Engines
An Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an attacker to delete privileged registry keys by pointing a Registry symlink to a privileged key.
local
low complexity
bitdefender CWE-269
5.5
2022-04-07 CVE-2022-0677 Unspecified vulnerability in Bitdefender Endpoint Security Tools, Gravityzone and Update Server
Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service.
network
low complexity
bitdefender
5.0
2022-03-07 CVE-2021-4198 NULL Pointer Dereference vulnerability in Bitdefender products
A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files.
local
low complexity
bitdefender CWE-476
3.6
2022-03-07 CVE-2021-4199 Incorrect Permission Assignment for Critical Resource vulnerability in Bitdefender products
Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM.
local
low complexity
bitdefender CWE-732
7.2
2022-02-18 CVE-2020-8107 Unspecified vulnerability in Bitdefender Antivirus Plus, Internet Security and Total Security
A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file.
local
bitdefender
4.4
2021-12-16 CVE-2021-3959 Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Gravityzone 3.3.8.249
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server.
network
low complexity
bitdefender CWE-918
5.0
2021-12-16 CVE-2021-3960 Path Traversal vulnerability in Bitdefender Gravityzone 3.3.8.249
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances.
local
low complexity
bitdefender CWE-22
4.6
2021-11-24 CVE-2021-3552 Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Endpoint Security Tools and Gravityzone
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server.
network
low complexity
bitdefender CWE-918
5.0
2021-11-24 CVE-2021-3553 Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Endpoint Security Tools and Gravityzone
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host.
network
low complexity
bitdefender CWE-918
5.0
2021-11-24 CVE-2021-3554 Unspecified vulnerability in Bitdefender Endpoint Security Tools and Gravityzone
Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches.
network
low complexity
bitdefender
7.5