VYPR

Endpoint Security Tools for Mac

by Bitdefender

CVEs (14)

  • CVE-2021-3554 | Critical | Nov 24, 2021
    risk 0.59 | cvss 9.0 | epss 0.03

    Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools…

  • CVE-2024-2224 | High | Apr 9, 2024
    risk 0.53 | cvss 8.1 | epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects the following products that include…

  • CVE-2024-2223 | High | Apr 9, 2024
    risk 0.53 | cvss 8.1 | epss 0.01

    An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint…

  • CVE-2020-8097 | High | Aug 30, 2020
    risk 0.53 | cvss 8.1 | epss 0.00

    An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. This issue affects: Bitdefender Endpoint…

  • CVE-2020-8108 | High | Aug 3, 2020
    risk 0.53 | cvss 8.2 | epss 0.00

    Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process to restart the main service and potentially inject third-party code into a trusted process. This issue affects: Bitdefender Endpoint Security for Mac versions prior to…

  • CVE-2021-4199 | High | Mar 7, 2022
    risk 0.51 | cvss 7.8 | epss 0.01

    Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to…

  • CVE-2021-3579 | High | Oct 28, 2021
    risk 0.51 | cvss 7.8 | epss 0.01

    Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM. This issue affects:…

  • CVE-2021-3576 | High | Oct 28, 2021
    risk 0.51 | cvss 7.8 | epss 0.01

    Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System'. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the…

  • CVE-2022-0677 | High | Apr 7, 2022
    risk 0.49 | cvss 7.5 | epss 0.01

    Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service. This issue affects: Bitdefender Update…

  • CVE-2021-3485 | Medium | May 24, 2021
    risk 0.42 | cvss 6.4 | epss 0.01

    An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. This issue affects:…

  • CVE-2021-4198 | Medium | Mar 7, 2022
    risk 0.40 | cvss 6.1 | epss 0.01

    A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files.…

  • CVE-2021-3553 | Medium | Nov 24, 2021
    risk 0.35 | cvss 5.3 | epss 0.01

    A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to…

  • CVE-2021-3552 | Medium | Nov 24, 2021
    risk 0.35 | cvss 5.3 | epss 0.01

    A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions…

  • CVE-2025-5317 | Nov 11, 2025
    risk 0.00 | cvss | epss 0.00

    An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 allows local users with administrative privileges to bypass the configured uninstall password protection. An unauthorized user with sudo privileges can manually…