Vulnerabilities > Bitdefender

DATE CVE VULNERABILITY TITLE RISK
2020-12-17 CVE-2020-15294 Unspecified vulnerability in Bitdefender Hypervisor Introspection
Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer.
local
bitdefender
4.4
2020-12-17 CVE-2020-15293 Improper Input Validation vulnerability in Bitdefender Hypervisor Introspection 1.132.2
Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions.
local
low complexity
bitdefender CWE-20
2.1
2020-12-17 CVE-2020-15292 Improper Input Validation vulnerability in Bitdefender Hypervisor Introspection
Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations.
local
low complexity
bitdefender CWE-20
2.1
2020-12-14 CVE-2020-15733 Origin Validation Error vulnerability in Bitdefender Antivirus Plus
An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar.
4.3
2020-11-09 CVE-2020-15297 Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Update Server
Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network.
network
low complexity
bitdefender CWE-918
6.4
2020-10-02 CVE-2020-8110 Access of Uninitialized Pointer vulnerability in Bitdefender Engines 7.84063/7.84892/7.84897
A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory.
network
low complexity
bitdefender CWE-824
5.0
2020-10-01 CVE-2020-8109 Out-Of-Bounds Write vulnerability in Bitdefender Engines 7.84063/7.84892
A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer.
network
low complexity
bitdefender CWE-787
5.0
2020-09-30 CVE-2020-15731 Improper Input Validation vulnerability in Bitdefender Engines 7.84063/7.84892/7.84897
An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name.
4.3
2020-08-30 CVE-2020-8097 Improper Authentication vulnerability in Bitdefender Endpoint Security and Endpoint Security Tools
An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings.
local
low complexity
bitdefender CWE-287
4.6
2020-08-03 CVE-2020-8108 Improper Authentication vulnerability in Bitdefender Endpoint Security
Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process to restart the main service and potentially inject third-party code into a trusted process.
local
low complexity
bitdefender CWE-287
4.6