Vulnerabilities > Bitdefender
| Date | CVE | Vulnerability | Description | Score |
|---|---|---|---|---|
| 2021-06-22 | CVE-2020-15732 | Improper Certificate Validation vulnerability in Bitdefender Antivirus Plus, Internet Security and Total Security | Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. | 5.0 |
| 2021-05-24 | CVE-2021-3485 | Improper Input Validation vulnerability in Bitdefender Endpoint Security Tools 184.108.40.206 | An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. | 6.0 |
| 2021-05-18 | CVE-2020-15279 | Incorrect Authorization vulnerability in Bitdefender Endpoint Security Tools 220.127.116.111 | An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to 18.104.22.1680 allows a regular user to learn the scanning exclusion paths. | 2.1 |
| 2021-05-18 | CVE-2021-3423 | Uncontrolled Search Path Element vulnerability in Bitdefender GravityZone Business Security | Uncontrolled Search Path Element vulnerability in the openssl component as used in Bitdefender GravityZone Business Security allows an attacker to load a third party DLL to elevate privileges. | 4.6 |
| 2020-12-17 | CVE-2020-15294 | Unspecified vulnerability in Bitdefender Hypervisor Introspection | Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. | 4.4 |
| 2020-12-17 | CVE-2020-15293 | Improper Input Validation vulnerability in Bitdefender Hypervisor Introspection 1.132.2 | Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions. | 2.1 |
| 2020-12-17 | CVE-2020-15292 | Improper Input Validation vulnerability in Bitdefender Hypervisor Introspection | Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to an out-of-bounds read, or could cause DoS due to integer overflow (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations. | 2.1 |
| 2020-12-14 | CVE-2020-15733 | Origin Validation Error vulnerability in Bitdefender Antivirus Plus | An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. | 4.3 |
| 2020-11-09 | CVE-2020-15297 | Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Update Server | Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 22.214.171.1244 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network. | 6.4 |
| 2020-10-02 | CVE-2020-8110 | Access of Uninitialized Pointer vulnerability in Bitdefender Engines 7.84063/7.84892/7.84897 | A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory. | 5.0 |