Vulnerabilities (CVE)

Filtered by vendor Bitdefender Subscribe
Total 89 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-8103 1 Bitdefender 1 Antivirus 2020 2024-11-21 3.6 LOW 7.2 HIGH
A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178.
CVE-2020-8102 1 Bitdefender 1 Total Security 2020 2024-11-21 6.8 MEDIUM 8.8 HIGH
Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process. This issue affects Bitdefender Total Security 2020 versions prior to 24.0.20.116.
CVE-2020-8100 1 Bitdefender 1 Engines 2024-11-21 5.0 MEDIUM 9.0 CRITICAL
Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. This issue affects: Bitdefender Bitdefender Engines versions prior to 7.84063.
CVE-2020-8099 1 Bitdefender 1 Antivirus 2020 2024-11-21 4.6 MEDIUM 7.1 HIGH
A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17.
CVE-2020-8097 1 Bitdefender 2 Endpoint Security, Endpoint Security Tools 2024-11-21 4.6 MEDIUM 8.1 HIGH
An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. Bitdefender Endpoint Security SDK versions prior to 6.6.18.261.
CVE-2020-8096 1 Bitdefender 1 Antimalware Software Development Kit 2024-11-21 4.6 MEDIUM 6.3 MEDIUM
Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions prior to 3.0.1.204 .
CVE-2020-8095 1 Bitdefender 1 Total Security 2020 2024-11-21 4.9 MEDIUM 4.9 MEDIUM
A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device.
CVE-2020-8093 1 Bitdefender 1 Antivirus 2024-11-21 4.6 MEDIUM 5.3 MEDIUM
A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution
CVE-2020-8092 1 Bitdefender 1 Antivirus 2024-11-21 2.1 LOW 1.6 LOW
A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0.
CVE-2020-15734 1 Bitdefender 1 Safepay 2024-11-21 2.1 LOW 5.5 MEDIUM
An Origin Validation Error vulnerability in Bitdefender Safepay allows an attacker to manipulate the browser's file upload capability into accessing other files in the same directory or sub-directories. This issue affects: Bitdefender Safepay versions prior to 25.0.7.29.
CVE-2020-15733 1 Bitdefender 1 Antivirus Plus 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. This issue affects: Bitdefender Antivirus Plus versions prior to 25.0.7.29.
CVE-2020-15732 1 Bitdefender 3 Antivirus Plus, Internet Security, Total Security 2024-11-21 5.0 MEDIUM 6.5 MEDIUM
Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29.
CVE-2020-15731 1 Bitdefender 1 Engines 2024-11-21 4.3 MEDIUM 3.2 LOW
An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. This issue affects: Bitdefender Engines versions prior to 7.85448.
CVE-2020-15297 1 Bitdefender 1 Update Server 2024-11-21 6.4 MEDIUM 7.1 HIGH
Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network. This issue affects: Bitdefender Update Server versions prior to 6.6.20.294.
CVE-2020-15294 1 Bitdefender 1 Hypervisor Introspection 2024-11-21 4.4 MEDIUM 7.8 HIGH
Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2.
CVE-2020-15293 1 Bitdefender 1 Hypervisor Introspection 2024-11-21 2.1 LOW 6.1 MEDIUM
Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions.
CVE-2020-15292 1 Bitdefender 1 Hypervisor Introspection 2024-11-21 2.1 LOW 5.5 MEDIUM
Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations.
CVE-2020-15279 1 Bitdefender 1 Endpoint Security Tools 2024-11-21 2.1 LOW 4.0 MEDIUM
An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320 allows a regular user to learn the scanning exclusion paths. This issue was discovered during external security research.
CVE-2019-6738 1 Bitdefender 1 Safepay 2024-11-21 6.8 MEDIUM 8.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIScript. When processing the launch method the application does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability execute code in the context of the current process. Was ZDI-CAN-7250.
CVE-2019-6737 1 Bitdefender 1 Safepay 2024-11-21 6.8 MEDIUM 8.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIScript. The issue lies in the handling of the openFile method, which allows for an arbitrary file write with attacker controlled data. An attacker can leverage this vulnerability execute code in the context of the current process. Was ZDI-CAN-7247.