Filtered by vendor Bitdefender
Subscriptions
Total
84 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-17102 | 1 Bitdefender | 2 Box 2, Box 2 Firmware | 2024-09-17 | 8.3 High |
| An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution of system commands. This issue affects: Bitdefender Bitdefender BOX 2 versions prior to 2.1.47.36. | ||||
| CVE-2020-15279 | 1 Bitdefender | 1 Endpoint Security Tools | 2024-09-17 | 4 Medium |
| An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320 allows a regular user to learn the scanning exclusion paths. This issue was discovered during external security research. | ||||
| CVE-2020-15293 | 1 Bitdefender | 1 Hypervisor Introspection | 2024-09-17 | 6.1 Medium |
| Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions. | ||||
| CVE-2012-1431 | 10 Aladdin, Authentium, Bitdefender and 7 more | 10 Esafe, Command Antivirus, Bitdefender and 7 more | 2024-09-17 | N/A |
| The ELF file parser in Bitdefender 7.2, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. | ||||
| CVE-2019-17100 | 1 Bitdefender | 1 Total Security 2020 | 2024-09-17 | 5.2 Medium |
| An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69. | ||||
| CVE-2022-3369 | 1 Bitdefender | 1 Engines | 2024-09-17 | 8.6 High |
| An Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an attacker to delete privileged registry keys by pointing a Registry symlink to a privileged key. This issue affects: Bitdefender Engines versions prior to 7.92659. It also affects Bitdefender Antivirus Free, Bitdefender Antivirus Plus, Bitdefender Internet Security, Bitdefender Total Security, as well as Bitdefender Endpoint Security Tools for Windows with engine versions prior to 7.92659. | ||||
| CVE-2021-3576 | 1 Bitdefender | 2 Endpoint Security Tools, Total Security | 2024-09-17 | 7.8 High |
| Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client's security context. This issue affects: Bitdefender Endpoint Security Tools versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 25.0.26. | ||||
| CVE-2020-8093 | 1 Bitdefender | 1 Antivirus | 2024-09-17 | 5.3 Medium |
| A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution | ||||
| CVE-2020-8097 | 1 Bitdefender | 2 Endpoint Security, Endpoint Security Tools | 2024-09-17 | 8.1 High |
| An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. Bitdefender Endpoint Security SDK versions prior to 6.6.18.261. | ||||
| CVE-2021-3641 | 2 Bitdefender, Microsoft | 2 Gravityzone, Windows | 2024-09-17 | 6.1 Medium |
| Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service. This issue affects: Bitdefender GravityZone version 7.1.2.33 and prior versions. | ||||
| CVE-2020-8109 | 1 Bitdefender | 1 Engines | 2024-09-17 | 5.9 Medium |
| A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This can result in denial-of-service. This issue affects: Bitdefender Engines version 7.84892 and prior versions. | ||||
| CVE-2019-17096 | 1 Bitdefender | 3 Box 2, Box 2 Firmware, Central | 2024-09-17 | 9 Critical |
| A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command. | ||||
| CVE-2020-8102 | 1 Bitdefender | 1 Total Security 2020 | 2024-09-17 | 8.8 High |
| Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process. This issue affects Bitdefender Total Security 2020 versions prior to 24.0.20.116. | ||||
| CVE-2021-4198 | 1 Bitdefender | 5 Antivirus Plus, Endpoint Security Tools, Internet Security and 2 more | 2024-09-17 | 6.1 Medium |
| A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. Bitdefender VPN Standalone versions prior to 25.5.0.48. | ||||
| CVE-2019-17095 | 1 Bitdefender | 2 Box 2, Box 2 Firmware | 2024-09-17 | 8.1 High |
| A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method `/api/download_image` unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In order to exploit the condition, an unauthenticated attacker should impersonate a infrastructure server to trigger this vulnerability. | ||||
| CVE-2021-3959 | 1 Bitdefender | 1 Gravityzone | 2024-09-17 | 6.8 Medium |
| A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to 3.3.8.272 | ||||
| CVE-2020-8095 | 1 Bitdefender | 1 Total Security 2020 | 2024-09-17 | 4.9 Medium |
| A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device. | ||||
| CVE-2021-3553 | 1 Bitdefender | 2 Endpoint Security Tools, Gravityzone | 2024-09-17 | 5.3 Medium |
| A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint for Linux versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1. | ||||
| CVE-2020-15732 | 1 Bitdefender | 3 Antivirus Plus, Internet Security, Total Security | 2024-09-17 | 6.5 Medium |
| Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29. | ||||
| CVE-2020-8092 | 1 Bitdefender | 1 Antivirus | 2024-09-17 | 1.6 Low |
| A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0. | ||||