Filtered by vendor Bitdefender
Subscribe
Search
Total
18 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8095 | 1 Bitdefender | 1 Total Security 2020 | 2022-05-24 | 4.9 MEDIUM | 5.5 MEDIUM |
| A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device. | |||||
| CVE-2021-3485 | 1 Bitdefender | 1 Endpoint Security Tools | 2022-04-26 | 6.0 MEDIUM | 6.6 MEDIUM |
| An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.155. | |||||
| CVE-2021-3641 | 2 Bitdefender, Microsoft | 2 Gravityzone, Windows | 2022-02-09 | 3.6 LOW | 6.1 MEDIUM |
| Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service. This issue affects: Bitdefender GravityZone version 7.1.2.33 and prior versions. | |||||
| CVE-2019-14242 | 2 Bitdefender, Microsoft | 5 Antivirus Plus, Endpoint Security Tool, Internet Security and 2 more | 2021-07-21 | 7.2 HIGH | 6.7 MEDIUM |
| An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. A local attacker with administrator privileges can create a malicious DLL file in %SystemRoot%\System32\ that will be executed with local user privileges. | |||||
| CVE-2020-15734 | 1 Bitdefender | 1 Safepay | 2021-04-21 | 2.1 LOW | 5.5 MEDIUM |
| An Origin Validation Error vulnerability in Bitdefender Safepay allows an attacker to manipulate the browser's file upload capability into accessing other files in the same directory or sub-directories. This issue affects: Bitdefender Safepay versions prior to 25.0.7.29. | |||||
| CVE-2020-15292 | 1 Bitdefender | 1 Hypervisor Introspection | 2020-12-22 | 2.1 LOW | 5.5 MEDIUM |
| Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations. | |||||
| CVE-2020-15293 | 1 Bitdefender | 1 Hypervisor Introspection | 2020-12-22 | 2.1 LOW | 5.5 MEDIUM |
| Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions. | |||||
| CVE-2020-15733 | 1 Bitdefender | 1 Antivirus Plus | 2020-12-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. This issue affects: Bitdefender Antivirus Plus versions prior to 25.0.7.29. | |||||
| CVE-2020-8099 | 1 Bitdefender | 1 Antivirus 2020 | 2020-04-29 | 4.6 MEDIUM | 6.2 MEDIUM |
| A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17. | |||||
| CVE-2020-8096 | 1 Bitdefender | 1 Antimalware Software Development Kit | 2020-04-07 | 4.6 MEDIUM | 5.3 MEDIUM |
| Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions prior to 3.0.1.204 . | |||||
| CVE-2020-8092 | 1 Bitdefender | 1 Antivirus | 2020-02-05 | 2.1 LOW | 5.5 MEDIUM |
| A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0. | |||||
| CVE-2019-17100 | 1 Bitdefender | 1 Total Security 2020 | 2020-02-04 | 4.4 MEDIUM | 6.5 MEDIUM |
| An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69. | |||||
| CVE-2019-17103 | 1 Bitdefender | 1 Antivirus | 2020-02-03 | 2.1 LOW | 5.5 MEDIUM |
| An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0. | |||||
| CVE-2019-12611 | 1 Bitdefender | 2 Box, Box Firmware | 2019-10-22 | 4.9 MEDIUM | 4.4 MEDIUM |
| An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that affects the general reliability of the product. Specially crafted packets sent to the miniupnpd implementation in result in the device allocating memory without freeing it later. This behavior can cause the miniupnpd component to crash or to trigger a device reboot. | |||||
| CVE-2017-6186 | 1 Bitdefender | 3 Antivirus Plus, Internet Security, Total Security | 2019-10-03 | 7.2 HIGH | 6.7 MEDIUM |
| Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Bitdefender process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack. | |||||
| CVE-2018-18058 | 1 Bitdefender | 1 Scan Engines | 2019-05-29 | 2.6 LOW | 5.3 MEDIUM |
| An issue was discovered in Bitdefender Engines before 7.76662. A vulnerability has been discovered in the iso.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a division-by-zero circumstance. Paired with other vulnerabilities, this can result in denial-of-service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||
| CVE-2018-18059 | 1 Bitdefender | 1 Scan Engines | 2019-05-29 | 2.6 LOW | 5.3 MEDIUM |
| An issue was discovered in Bitdefender Engines before 7.76675. A vulnerability has been discovered in the rar.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. Paired with other vulnerabilities, this can result in denial-of-service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||
| CVE-2018-18060 | 1 Bitdefender | 1 Scan Engines | 2019-05-29 | 2.6 LOW | 5.3 MEDIUM |
| An issue was discovered in Bitdefender Engines before 7.76808. A vulnerability has been discovered in the dalvik.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. Paired with other vulnerabilities, this can result in denial-of-service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||