Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Bitdefender Subscribe
Total 80 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-8099 1 Bitdefender 1 Antivirus 2020 2020-04-29 4.6 MEDIUM 6.2 MEDIUM
A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17.
CVE-2020-8096 1 Bitdefender 1 Antimalware Software Development Kit 2020-04-07 4.6 MEDIUM 5.3 MEDIUM
Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions prior to 3.0.1.204 .
CVE-2020-8093 1 Bitdefender 1 Antivirus 2020-02-05 4.6 MEDIUM 7.8 HIGH
A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution
CVE-2020-8092 1 Bitdefender 1 Antivirus 2020-02-05 2.1 LOW 5.5 MEDIUM
A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0.
CVE-2019-17100 1 Bitdefender 1 Total Security 2020 2020-02-04 4.4 MEDIUM 6.5 MEDIUM
An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69.
CVE-2019-17102 1 Bitdefender 2 Box 2, Box 2 Firmware 2020-02-03 9.3 HIGH 8.1 HIGH
An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution of system commands. This issue affects: Bitdefender Bitdefender BOX 2 versions prior to 2.1.47.36.
CVE-2019-17095 1 Bitdefender 2 Box 2, Box 2 Firmware 2020-02-01 10.0 HIGH 9.8 CRITICAL
A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method `/api/download_image` unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In order to exploit the condition, an unauthenticated attacker should impersonate a infrastructure server to trigger this vulnerability.
CVE-2019-17099 1 Bitdefender 1 Endpoint Security Tools 2020-02-01 4.4 MEDIUM 7.8 HIGH
An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163.
CVE-2019-17096 1 Bitdefender 3 Box 2, Box 2 Firmware, Central 2020-01-31 9.3 HIGH 9.8 CRITICAL
A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command.
CVE-2019-12611 1 Bitdefender 2 Box, Box Firmware 2019-10-22 4.9 MEDIUM 4.4 MEDIUM
An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that affects the general reliability of the product. Specially crafted packets sent to the miniupnpd implementation in result in the device allocating memory without freeing it later. This behavior can cause the miniupnpd component to crash or to trigger a device reboot.
CVE-2017-17409 1 Bitdefender 1 Internet Security 2018 2019-10-09 9.3 HIGH 8.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within emulator 0x10A in cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5102.
CVE-2017-17410 1 Bitdefender 1 Internet Security 2018 2019-10-09 9.3 HIGH 8.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within emulator 0x102 in cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5116.
CVE-2017-17408 1 Bitdefender 1 Internet Security 2018 2019-10-09 9.3 HIGH 8.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5101.
CVE-2017-10954 1 Bitdefender 1 Internet Security 2018 2019-10-09 9.3 HIGH 8.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security Internet Security 2018 prior to build 7.72918. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within pdf.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-4361.
CVE-2017-10950 1 Bitdefender 1 Total Security 2019-10-09 6.9 MEDIUM 7.0 HIGH
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security 21.0.24.62. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within processing of the 0x8000E038 IOCTL in the bdfwfpf driver. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker could leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-4776.
CVE-2018-6183 1 Bitdefender 1 Total Security 2019-10-02 4.6 MEDIUM 7.8 HIGH
BitDefender Total Security 2018 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of an "insecurely created named pipe". Ensures full access to Everyone users group.
CVE-2017-8931 1 Bitdefender 1 Gravityzone 2019-10-02 10.0 HIGH 9.8 CRITICAL
Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified vectors.
CVE-2017-6186 1 Bitdefender 3 Antivirus Plus, Internet Security, Total Security 2019-10-02 7.2 HIGH 6.7 MEDIUM
Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Bitdefender process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack.
CVE-2019-15295 1 Bitdefender 1 Antivirus 2020 2019-08-28 9.3 HIGH 7.8 HIGH
An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path.
CVE-2018-18058 1 Bitdefender 1 Scan Engines 2019-05-29 2.6 LOW 5.3 MEDIUM
An issue was discovered in Bitdefender Engines before 7.76662. A vulnerability has been discovered in the iso.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a division-by-zero circumstance. Paired with other vulnerabilities, this can result in denial-of-service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.