Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Bitdefender Subscribe
Total 80 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-15732 1 Bitdefender 3 Antivirus Plus, Internet Security, Total Security 2021-06-29 5.0 MEDIUM 7.5 HIGH
Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29.
CVE-2021-3423 1 Bitdefender 1 Gravityzone Business Security 2021-05-25 4.6 MEDIUM 7.8 HIGH
Uncontrolled Search Path Element vulnerability in the openssl component as used in Bitdefender GravityZone Business Security allows an attacker to load a third party DLL to elevate privileges. This issue affects Bitdefender GravityZone Business Security versions prior to 6.6.23.329.
CVE-2020-15734 1 Bitdefender 1 Safepay 2021-04-21 2.1 LOW 5.5 MEDIUM
An Origin Validation Error vulnerability in Bitdefender Safepay allows an attacker to manipulate the browser's file upload capability into accessing other files in the same directory or sub-directories. This issue affects: Bitdefender Safepay versions prior to 25.0.7.29.
CVE-2020-15294 1 Bitdefender 1 Hypervisor Introspection 2020-12-22 4.4 MEDIUM 7.0 HIGH
Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2.
CVE-2020-15292 1 Bitdefender 1 Hypervisor Introspection 2020-12-22 2.1 LOW 5.5 MEDIUM
Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations.
CVE-2020-15293 1 Bitdefender 1 Hypervisor Introspection 2020-12-22 2.1 LOW 5.5 MEDIUM
Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions.
CVE-2020-15733 1 Bitdefender 1 Antivirus Plus 2020-12-16 4.3 MEDIUM 6.5 MEDIUM
An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. This issue affects: Bitdefender Antivirus Plus versions prior to 25.0.7.29.
CVE-2020-15297 1 Bitdefender 1 Update Server 2020-11-24 6.4 MEDIUM 9.1 CRITICAL
Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network. This issue affects: Bitdefender Update Server versions prior to 6.6.20.294.
CVE-2020-8109 1 Bitdefender 1 Engines 2020-10-14 5.0 MEDIUM 7.5 HIGH
A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This can result in denial-of-service. This issue affects: Bitdefender Engines version 7.84892 and prior versions.
CVE-2020-8110 1 Bitdefender 1 Engines 2020-10-09 5.0 MEDIUM 7.5 HIGH
A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory. This can lead to denial-of-service. This issue affects: Bitdefender Engines version 7.84897 and prior versions.
CVE-2020-15731 1 Bitdefender 1 Engines 2020-10-08 4.3 MEDIUM 3.6 LOW
An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. This issue affects: Bitdefender Engines versions prior to 7.85448.
CVE-2019-6738 1 Bitdefender 1 Safepay 2020-10-06 6.8 MEDIUM 8.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIScript. When processing the launch method the application does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability execute code in the context of the current process. Was ZDI-CAN-7250.
CVE-2019-6736 1 Bitdefender 1 Safepay 2020-10-06 6.8 MEDIUM 8.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of tiscript. When processing the System.Exec method the application does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7234.
CVE-2020-8097 1 Bitdefender 2 Endpoint Security, Endpoint Security Tools 2020-09-04 4.6 MEDIUM 7.8 HIGH
An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. Bitdefender Endpoint Security SDK versions prior to 6.6.18.261.
CVE-2019-12612 1 Bitdefender 2 Box, Box Firmware 2020-08-24 7.2 HIGH 7.8 HIGH
An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API. In order to exploit this vulnerability, an attacker needs presence in Bitdefender BOX setup network and Bitdefender BOX be in setup mode.
CVE-2020-8108 1 Bitdefender 1 Endpoint Security 2020-08-04 4.6 MEDIUM 8.8 HIGH
Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process to restart the main service and potentially inject third-party code into a trusted process. This issue affects: Bitdefender Endpoint Security for Mac versions prior to 4.12.80.
CVE-2020-8102 1 Bitdefender 1 Total Security 2020 2020-06-26 6.8 MEDIUM 8.8 HIGH
Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process. This issue affects Bitdefender Total Security 2020 versions prior to 24.0.20.116.
CVE-2020-8103 1 Bitdefender 1 Antivirus 2020 2020-06-11 3.6 LOW 7.1 HIGH
A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178.
CVE-2020-8100 1 Bitdefender 1 Engines 2020-05-19 5.0 MEDIUM 7.5 HIGH
Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. This issue affects: Bitdefender Bitdefender Engines versions prior to 7.84063.
CVE-2019-17103 1 Bitdefender 1 Antivirus 2020-05-04 2.1 LOW 5.5 MEDIUM
An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0.