QSearchQSearch

CVE-2021-3485

6.4 MEDIUM

An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in...

Published: 2021-05-24 · Last updated: 2026-06-17

Severity and scoring

CVSS
6.4 MEDIUM
Vector
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-494

Affected products

VendorProduct
bitdefenderendpoint_security_tools

Description

An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.155.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-10047 The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in ... (7.8 HIGH)
  • CVE-2026-10046 Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, im... (7.8 HIGH)
  • CVE-2025-7073 A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to... (7.8 HIGH)
  • CVE-2021-3823 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender... (7.1 HIGH)
  • CVE-2021-3579 Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoin... (7.8 HIGH)

Same CWE

  • CVE-2026-9037 A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through...
  • CVE-2026-45058 electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client
  • CVE-2026-9089 The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update opera... (8.8 HIGH)
  • CVE-2026-42249 Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled... (9.8 CRITICAL)
  • CVE-2026-42248 Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables (9.8 CRITICAL)