Vulnerabilities > Bitdefender
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-06 | CVE-2024-4177 | Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Gravityzone A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. | 9.8 |
2023-07-14 | CVE-2023-3633 | Out-of-bounds Write vulnerability in Bitdefender Engines An out-of-bounds write vulnerability in Bitdefender Engines on Windows causes the engine to crash. This issue affects Bitdefender Engines version 7.94791 and lower. | 7.5 |
2023-05-24 | CVE-2022-0357 | Unquoted Search Path or Element vulnerability in Bitdefender Antivirus Plus, Internet Security and Total Security Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. | 7.8 |
2022-11-01 | CVE-2022-3369 | Improper Privilege Management vulnerability in Bitdefender Engines An Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an attacker to delete privileged registry keys by pointing a Registry symlink to a privileged key. | 5.5 |
2022-04-07 | CVE-2022-0677 | Unspecified vulnerability in Bitdefender Endpoint Security Tools, Gravityzone and Update Server Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service. | 5.0 |
2022-03-07 | CVE-2021-4198 | NULL Pointer Dereference vulnerability in Bitdefender products A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. | 3.6 |
2022-03-07 | CVE-2021-4199 | Incorrect Permission Assignment for Critical Resource vulnerability in Bitdefender products Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. | 7.2 |
2022-02-18 | CVE-2020-8107 | Unspecified vulnerability in Bitdefender Antivirus Plus, Internet Security and Total Security A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. local bitdefender | 4.4 |
2021-12-16 | CVE-2021-3959 | Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Gravityzone 3.3.8.249 A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. | 5.0 |
2021-12-16 | CVE-2021-3960 | Path Traversal vulnerability in Bitdefender Gravityzone 3.3.8.249 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. | 4.6 |