Vulnerabilities (CVE)

Filtered by vendor Bitdefender Subscribe
Total 89 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-8097 1 Bitdefender 2 Endpoint Security, Endpoint Security Tools 2024-02-28 4.6 MEDIUM 7.8 HIGH
An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. Bitdefender Endpoint Security SDK versions prior to 6.6.18.261.
CVE-2020-8100 1 Bitdefender 1 Engines 2024-02-28 5.0 MEDIUM 7.5 HIGH
Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. This issue affects: Bitdefender Bitdefender Engines versions prior to 7.84063.
CVE-2020-8096 1 Bitdefender 1 Antimalware Software Development Kit 2024-02-28 4.6 MEDIUM 5.3 MEDIUM
Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions prior to 3.0.1.204 .
CVE-2020-8108 1 Bitdefender 1 Endpoint Security 2024-02-28 4.6 MEDIUM 8.8 HIGH
Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process to restart the main service and potentially inject third-party code into a trusted process. This issue affects: Bitdefender Endpoint Security for Mac versions prior to 4.12.80.
CVE-2020-8103 1 Bitdefender 1 Antivirus 2020 2024-02-28 3.6 LOW 7.1 HIGH
A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178.
CVE-2020-8099 1 Bitdefender 1 Antivirus 2020 2024-02-28 4.6 MEDIUM 6.2 MEDIUM
A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17.
CVE-2020-8093 1 Bitdefender 1 Antivirus 2024-02-28 4.6 MEDIUM 7.8 HIGH
A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution
CVE-2019-17099 1 Bitdefender 1 Endpoint Security Tools 2024-02-28 4.4 MEDIUM 7.8 HIGH
An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163.
CVE-2020-8092 1 Bitdefender 1 Antivirus 2024-02-28 2.1 LOW 5.5 MEDIUM
A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0.
CVE-2019-17102 1 Bitdefender 2 Box 2, Box 2 Firmware 2024-02-28 9.3 HIGH 8.1 HIGH
An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution of system commands. This issue affects: Bitdefender Bitdefender BOX 2 versions prior to 2.1.47.36.
CVE-2019-12612 1 Bitdefender 2 Box, Box Firmware 2024-02-28 7.2 HIGH 7.8 HIGH
An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API. In order to exploit this vulnerability, an attacker needs presence in Bitdefender BOX setup network and Bitdefender BOX be in setup mode.
CVE-2019-17096 1 Bitdefender 3 Box 2, Box 2 Firmware, Central 2024-02-28 9.3 HIGH 9.8 CRITICAL
A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command.
CVE-2019-12611 1 Bitdefender 2 Box, Box Firmware 2024-02-28 4.9 MEDIUM 4.4 MEDIUM
An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that affects the general reliability of the product. Specially crafted packets sent to the miniupnpd implementation in result in the device allocating memory without freeing it later. This behavior can cause the miniupnpd component to crash or to trigger a device reboot.
CVE-2019-17095 1 Bitdefender 2 Box 2, Box 2 Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method `/api/download_image` unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In order to exploit the condition, an unauthenticated attacker should impersonate a infrastructure server to trigger this vulnerability.
CVE-2019-17100 1 Bitdefender 1 Total Security 2020 2024-02-28 4.4 MEDIUM 6.5 MEDIUM
An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69.
CVE-2020-8095 1 Bitdefender 1 Total Security 2020 2024-02-28 4.9 MEDIUM 5.5 MEDIUM
A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device.
CVE-2019-17103 1 Bitdefender 1 Antivirus 2024-02-28 2.1 LOW 5.5 MEDIUM
An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0.
CVE-2019-14242 2 Bitdefender, Microsoft 5 Antivirus Plus, Endpoint Security Tool, Internet Security and 2 more 2024-02-28 7.2 HIGH 6.7 MEDIUM
An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. A local attacker with administrator privileges can create a malicious DLL file in %SystemRoot%\System32\ that will be executed with local user privileges.
CVE-2019-6737 1 Bitdefender 1 Safepay 2024-02-28 6.8 MEDIUM 8.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIScript. The issue lies in the handling of the openFile method, which allows for an arbitrary file write with attacker controlled data. An attacker can leverage this vulnerability execute code in the context of the current process. Was ZDI-CAN-7247.
CVE-2018-18059 1 Bitdefender 1 Scan Engines 2024-02-28 2.6 LOW 5.3 MEDIUM
An issue was discovered in Bitdefender Engines before 7.76675. A vulnerability has been discovered in the rar.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. Paired with other vulnerabilities, this can result in denial-of-service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.