Vulnerabilities (CVE)

Filtered by vendor Bitdefender Subscribe
Total 89 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3579 1 Bitdefender 2 Endpoint Security Tools, Total Security 2024-02-28 4.6 MEDIUM 7.8 HIGH
Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 7.2.1.65.
CVE-2021-3959 1 Bitdefender 1 Gravityzone 2024-02-28 5.0 MEDIUM 7.5 HIGH
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to 3.3.8.272
CVE-2021-3641 2 Bitdefender, Microsoft 2 Gravityzone, Windows 2024-02-28 3.6 LOW 6.1 MEDIUM
Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service. This issue affects: Bitdefender GravityZone version 7.1.2.33 and prior versions.
CVE-2021-3554 1 Bitdefender 2 Endpoint Security Tools, Gravityzone 2024-02-28 7.5 HIGH 10.0 CRITICAL
Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1.
CVE-2021-3823 1 Bitdefender 1 Gravityzone 2024-02-28 7.5 HIGH 9.8 CRITICAL
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects: Bitdefender GravityZone versions prior to 3.3.8.249.
CVE-2021-3576 1 Bitdefender 2 Endpoint Security Tools, Total Security 2024-02-28 7.2 HIGH 7.8 HIGH
Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client's security context. This issue affects: Bitdefender Endpoint Security Tools versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 25.0.26.
CVE-2021-3960 1 Bitdefender 1 Gravityzone 2024-02-28 4.6 MEDIUM 7.8 HIGH
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272
CVE-2020-15732 1 Bitdefender 3 Antivirus Plus, Internet Security, Total Security 2024-02-28 5.0 MEDIUM 7.5 HIGH
Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29.
CVE-2020-15734 1 Bitdefender 1 Safepay 2024-02-28 2.1 LOW 5.5 MEDIUM
An Origin Validation Error vulnerability in Bitdefender Safepay allows an attacker to manipulate the browser's file upload capability into accessing other files in the same directory or sub-directories. This issue affects: Bitdefender Safepay versions prior to 25.0.7.29.
CVE-2020-15279 1 Bitdefender 1 Endpoint Security Tools 2024-02-28 2.1 LOW 3.3 LOW
An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320 allows a regular user to learn the scanning exclusion paths. This issue was discovered during external security research.
CVE-2021-3423 1 Bitdefender 1 Gravityzone Business Security 2024-02-28 4.6 MEDIUM 7.8 HIGH
Uncontrolled Search Path Element vulnerability in the openssl component as used in Bitdefender GravityZone Business Security allows an attacker to load a third party DLL to elevate privileges. This issue affects Bitdefender GravityZone Business Security versions prior to 6.6.23.329.
CVE-2020-15293 1 Bitdefender 1 Hypervisor Introspection 2024-02-28 2.1 LOW 5.5 MEDIUM
Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions.
CVE-2020-15294 1 Bitdefender 1 Hypervisor Introspection 2024-02-28 4.4 MEDIUM 7.0 HIGH
Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2.
CVE-2020-8109 1 Bitdefender 1 Engines 2024-02-28 5.0 MEDIUM 7.5 HIGH
A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This can result in denial-of-service. This issue affects: Bitdefender Engines version 7.84892 and prior versions.
CVE-2020-8110 1 Bitdefender 1 Engines 2024-02-28 5.0 MEDIUM 7.5 HIGH
A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory. This can lead to denial-of-service. This issue affects: Bitdefender Engines version 7.84897 and prior versions.
CVE-2020-15733 1 Bitdefender 1 Antivirus Plus 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. This issue affects: Bitdefender Antivirus Plus versions prior to 25.0.7.29.
CVE-2020-15297 1 Bitdefender 1 Update Server 2024-02-28 6.4 MEDIUM 9.1 CRITICAL
Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network. This issue affects: Bitdefender Update Server versions prior to 6.6.20.294.
CVE-2020-15731 1 Bitdefender 1 Engines 2024-02-28 4.3 MEDIUM 3.6 LOW
An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. This issue affects: Bitdefender Engines versions prior to 7.85448.
CVE-2020-15292 1 Bitdefender 1 Hypervisor Introspection 2024-02-28 2.1 LOW 5.5 MEDIUM
Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations.
CVE-2020-8102 1 Bitdefender 1 Total Security 2020 2024-02-28 6.8 MEDIUM 8.8 HIGH
Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process. This issue affects Bitdefender Total Security 2020 versions prior to 24.0.20.116.