Vulnerabilities > Bitdefender

DATE CVE VULNERABILITY TITLE RISK
2021-11-09 CVE-2021-3641 Link Following vulnerability in Bitdefender Gravityzone
Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service.
Risk: 2.1; local; low complexity; bitdefender CWE-59

2021-10-28 CVE-2021-3823 Path Traversal vulnerability in Bitdefender Gravityzone
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances.
Risk: 7.5; network; low complexity; bitdefender CWE-22

2021-10-28 CVE-2021-3579 Incorrect Default Permissions vulnerability in Bitdefender Endpoint Security Tools and Total Security
Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65.
Risk: 4.6; local; low complexity; bitdefender CWE-276

2021-10-28 CVE-2021-3576 Improper Privilege Management vulnerability in Bitdefender Endpoint Security Tools and Total Security
Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System'.
Risk: 4.6; local; low complexity; bitdefender CWE-269

2021-06-22 CVE-2020-15732 Improper Certificate Validation vulnerability in Bitdefender Antivirus Plus, Internet Security and Total Security
Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks.
Risk: 5.0; network; low complexity; bitdefender CWE-295

2021-05-24 CVE-2021-3485 Improper Input Validation vulnerability in Bitdefender Endpoint Security Tools 6.2.21.18
An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution.
Risk: 6.0

2021-05-18 CVE-2021-3423 Uncontrolled Search Path Element vulnerability in Bitdefender Gravityzone Business Security
Uncontrolled Search Path Element vulnerability in the openssl component as used in Bitdefender GravityZone Business Security allows an attacker to load a third party DLL to elevate privileges.
Risk: 4.6; local; low complexity; bitdefender CWE-427

2021-05-18 CVE-2020-15279 Incorrect Authorization vulnerability in Bitdefender Endpoint Security Tools 6.6.18.261
An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320 allows a regular user to learn the scanning exclusion paths.
Risk: 2.1; local; low complexity; bitdefender CWE-863

2020-12-17 CVE-2020-15292 Improper Input Validation vulnerability in Bitdefender Hypervisor Introspection
Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflow (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations.
Risk: 2.1; local; low complexity; bitdefender CWE-20

2020-12-17 CVE-2020-15293 Improper Input Validation vulnerability in Bitdefender Hypervisor Introspection 1.132.2
Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions.
Risk: 2.1; local; low complexity; bitdefender CWE-20