Vulnerabilities (CVE)

Filtered by vendor Bitdefender Subscribe
Total 89 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-1431 10 Aladdin, Authentium, Bitdefender and 7 more 10 Esafe, Command Antivirus, Bitdefender and 7 more 2024-02-28 4.3 MEDIUM N/A
The ELF file parser in Bitdefender 7.2, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
CVE-2012-1430 8 Aladdin, Bitdefender, Comodo and 5 more 9 Esafe, Bitdefender, Comodo Antivirus and 6 more 2024-02-28 4.3 MEDIUM N/A
The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
CVE-2009-0850 1 Bitdefender 1 Internet Security 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in BitDefender Internet Security 2009 allows user-assisted remote attackers to inject arbitrary web script or HTML via the filename of a virus-infected file, as demonstrated by a filename inside a (1) rar or (2) zip archive file.
CVE-2008-1735 1 Bitdefender 1 Antivirus 2024-02-28 4.9 MEDIUM N/A
BitDefender Antivirus 2008 20080118 and earlier allows local users to cause a denial of service (system crash) via an invalid pointer to the CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function.
CVE-2008-5409 3 Bitdefender, Bullguard, Software602 4 Antivirus, Bitdefender, Internet Security and 1 more 2024-02-28 9.3 HIGH N/A
Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Internet Security 8.5, and (3) Software602 Groupware Server 6.0.08.1118 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, possibly related to included compressed streams that were processed with the ASCIIHexDecode filter. NOTE: some of these details are obtained from third party information.
CVE-2007-6189 1 Bitdefender 1 Online Anti-virus Scanner 2024-02-28 9.3 HIGH N/A
A certain ActiveX control in (1) OScan8.ocx and (2) Oscan81.ocx in BitDefender Online Anti-Virus Scanner 8.0 allows remote attackers to execute arbitrary code via a long argument to the InitX method that begins with a "%%" sequence, which is misinterpreted as a Unicode string and decoded twice, leading to improper memory allocation and a heap-based buffer overflow.
CVE-2007-0391 1 Bitdefender 1 Bitdefender Client 2024-02-28 7.2 HIGH N/A
Format string vulnerability in the log creation functionality of BitDefender Client Professional Plus 8.02 allows attackers to execute arbitrary code via certain scan job settings.
CVE-2008-0396 1 Bitdefender 1 Update Server 2024-02-28 7.8 HIGH N/A
Directory traversal vulnerability in BitDefender Update Server (http.exe), as used in BitDefender products including Security for Fileservers and Enterprise Manager (BDEM), allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request.
CVE-2007-5775 1 Bitdefender 3 Antivirus, Internet Security, Total Security 2024-02-28 9.3 HIGH N/A
Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.