Vulnerabilities > Bitdefender
|2020-12-17||CVE-2020-15294|| Unspecified vulnerability in Bitdefender Hypervisor Introspection |
Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer.
| 4.4 |
|2020-12-17||CVE-2020-15293|| Improper Input Validation vulnerability in Bitdefender Hypervisor Introspection 1.132.2 |
Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions.
| 2.1 |
|2020-12-17||CVE-2020-15292|| Improper Input Validation vulnerability in Bitdefender Hypervisor Introspection |
Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations.
| 2.1 |
|2020-12-14||CVE-2020-15733|| Origin Validation Error vulnerability in Bitdefender Antivirus Plus |
An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar.
| 4.3 |
|2020-11-09||CVE-2020-15297|| Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Update Server |
Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 184.108.40.2064 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network.
| 6.4 |
|2020-10-02||CVE-2020-8110|| Access of Uninitialized Pointer vulnerability in Bitdefender Engines 7.84063/7.84892/7.84897 |
A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory.
| 5.0 |
|2020-10-01||CVE-2020-8109|| Out-Of-Bounds Write vulnerability in Bitdefender Engines 7.84063/7.84892 |
A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer.
| 5.0 |
|2020-09-30||CVE-2020-15731|| Improper Input Validation vulnerability in Bitdefender Engines 7.84063/7.84892/7.84897 |
An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name.
| 4.3 |
|2020-08-30||CVE-2020-8097|| Improper Authentication vulnerability in Bitdefender Endpoint Security and Endpoint Security Tools |
An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings.
| 4.6 |
|2020-08-03||CVE-2020-8108|| Improper Authentication vulnerability in Bitdefender Endpoint Security |
Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process to restart the main service and potentially inject third-party code into a trusted process.
| 4.6 |