Filtered by vendor Bitdefender
Subscriptions
Total
83 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8107 | 1 Bitdefender | 3 Antivirus Plus, Internet Security, Total Security | 2022-02-25 | 7.8 High |
| A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. This issue affects: Bitdefender Antivirus Plus versions prior to 24.0.26.136. Bitdefender Internet Security versions prior to 24.0.26.136. Bitdefender Total Security versions prior to 24.0.26.136. | ||||
| CVE-2021-3641 | 2 Bitdefender, Microsoft | 2 Gravityzone, Windows | 2022-02-09 | 6.1 Medium |
| Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service. This issue affects: Bitdefender GravityZone version 7.1.2.33 and prior versions. | ||||
| CVE-2021-3959 | 1 Bitdefender | 1 Gravityzone | 2021-12-22 | 7.5 High |
| A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to 3.3.8.272 | ||||
| CVE-2021-3960 | 1 Bitdefender | 1 Gravityzone | 2021-12-21 | 7.8 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272 | ||||
| CVE-2021-3552 | 1 Bitdefender | 2 Endpoint Security Tools, Gravityzone | 2021-12-01 | 7.5 High |
| A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender GravityZone 6.24.1-1. | ||||
| CVE-2021-3553 | 1 Bitdefender | 2 Endpoint Security Tools, Gravityzone | 2021-11-30 | 7.5 High |
| A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint for Linux versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1. | ||||
| CVE-2021-3579 | 1 Bitdefender | 2 Endpoint Security Tools, Total Security | 2021-11-28 | 7.8 High |
| Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 7.2.1.65. | ||||
| CVE-2021-3823 | 1 Bitdefender | 1 Gravityzone | 2021-11-03 | 9.8 Critical |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects: Bitdefender GravityZone versions prior to 3.3.8.249. | ||||
| CVE-2019-14242 | 2 Bitdefender, Microsoft | 5 Antivirus Plus, Endpoint Security Tool, Internet Security and 2 more | 2021-07-21 | N/A |
| An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. A local attacker with administrator privileges can create a malicious DLL file in %SystemRoot%\System32\ that will be executed with local user privileges. | ||||
| CVE-2020-15732 | 1 Bitdefender | 3 Antivirus Plus, Internet Security, Total Security | 2021-06-29 | 7.5 High |
| Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29. | ||||
| CVE-2021-3423 | 1 Bitdefender | 1 Gravityzone Business Security | 2021-05-25 | 7.8 High |
| Uncontrolled Search Path Element vulnerability in the openssl component as used in Bitdefender GravityZone Business Security allows an attacker to load a third party DLL to elevate privileges. This issue affects Bitdefender GravityZone Business Security versions prior to 6.6.23.329. | ||||
| CVE-2020-15734 | 1 Bitdefender | 1 Safepay | 2021-04-21 | 5.5 Medium |
| An Origin Validation Error vulnerability in Bitdefender Safepay allows an attacker to manipulate the browser's file upload capability into accessing other files in the same directory or sub-directories. This issue affects: Bitdefender Safepay versions prior to 25.0.7.29. | ||||
| CVE-2020-15294 | 1 Bitdefender | 1 Hypervisor Introspection | 2020-12-22 | 7.0 High |
| Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2. | ||||
| CVE-2020-15292 | 1 Bitdefender | 1 Hypervisor Introspection | 2020-12-22 | 5.5 Medium |
| Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations. | ||||
| CVE-2020-15293 | 1 Bitdefender | 1 Hypervisor Introspection | 2020-12-22 | 5.5 Medium |
| Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions. | ||||
| CVE-2020-15733 | 1 Bitdefender | 1 Antivirus Plus | 2020-12-16 | 6.5 Medium |
| An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. This issue affects: Bitdefender Antivirus Plus versions prior to 25.0.7.29. | ||||
| CVE-2020-15297 | 1 Bitdefender | 1 Update Server | 2020-11-24 | 9.1 Critical |
| Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network. This issue affects: Bitdefender Update Server versions prior to 6.6.20.294. | ||||
| CVE-2020-8109 | 1 Bitdefender | 1 Engines | 2020-10-14 | 7.5 High |
| A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This can result in denial-of-service. This issue affects: Bitdefender Engines version 7.84892 and prior versions. | ||||
| CVE-2020-8110 | 1 Bitdefender | 1 Engines | 2020-10-09 | 7.5 High |
| A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory. This can lead to denial-of-service. This issue affects: Bitdefender Engines version 7.84897 and prior versions. | ||||
| CVE-2020-15731 | 1 Bitdefender | 1 Engines | 2020-10-09 | 3.6 Low |
| An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. This issue affects: Bitdefender Engines versions prior to 7.85448. | ||||