Vulnerabilities > Bitdefender
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-06-22 | CVE-2020-15732 | Improper Certificate Validation vulnerability in Bitdefender Antivirus Plus, Internet Security and Total Security | Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. | 7.5 |
2021-05-24 | CVE-2021-3485 | Unspecified vulnerability in Bitdefender Endpoint Security Tools 6.2.21.18 | An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. | 6.6 |
2021-05-18 | CVE-2020-15279 | Unspecified vulnerability in Bitdefender Endpoint Security Tools 6.6.18.261 | An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320 allows a regular user to learn the scanning exclusion paths. | 3.3 |
2021-05-18 | CVE-2021-3423 | Uncontrolled Search Path Element vulnerability in Bitdefender GravityZone Business Security | Uncontrolled Search Path Element vulnerability in the openssl component as used in Bitdefender GravityZone Business Security allows an attacker to load a third party DLL to elevate privileges. | 7.8 |
2021-04-12 | CVE-2020-15734 | Origin Validation Error vulnerability in Bitdefender Safepay 23.0.10.34 | An Origin Validation Error vulnerability in Bitdefender Safepay allows an attacker to manipulate the browser's file upload capability into accessing other files in the same directory or sub-directories. | 5.5 |
2020-12-17 | CVE-2020-15294 | Unspecified vulnerability in Bitdefender Hypervisor Introspection 1.132.0 | Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. | 7.0 |
2020-12-17 | CVE-2020-15293 | Improper Input Validation vulnerability in Bitdefender Hypervisor Introspection 1.132.2 | Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions. | 5.5 |
2020-12-17 | CVE-2020-15292 | Improper Input Validation vulnerability in Bitdefender Hypervisor Introspection 1.132.0 | Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflow (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations. | 5.5 |
2020-12-14 | CVE-2020-15733 | Origin Validation Error vulnerability in Bitdefender Antivirus Plus 12.0/23.0.24.120/24.0.26.136 | An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. | 6.5 |
2020-11-09 | CVE-2020-15297 | Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Update Server 3.4.0.276 | Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network. | 9.1 |