Vulnerabilities > Bitdefender

DATE CVE VULNERABILITY TITLE RISK
2020-06-22 CVE-2020-8102 Improper Input Validation vulnerability in Bitdefender Total Security 2020 24.0.12.69
Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process.
6.8
2020-06-05 CVE-2020-8103 Link Following vulnerability in Bitdefender Antivirus 2020 1.0.15.138/1.0.17/1.0.17.169
A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location.
local
low complexity
bitdefender CWE-59
3.6
2020-05-15 CVE-2020-8100 Improper Input Validation vulnerability in Bitdefender Engines
Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample.
network
low complexity
bitdefender CWE-20
5.0
2020-04-21 CVE-2020-8099 Link Following vulnerability in Bitdefender Antivirus 2020 1.0.15.138
A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location.
local
low complexity
bitdefender CWE-59
4.6
2020-04-07 CVE-2020-8096 Untrusted Search Path vulnerability in Bitdefender Antimalware Software Development KIT
Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path.
local
low complexity
bitdefender CWE-426
4.6
2020-01-30 CVE-2020-8095 Improper Input Validation vulnerability in Bitdefender Total Security 2020 24.0.12.69/24.0.20.116
A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device.
local
low complexity
bitdefender CWE-20
4.9
2020-01-30 CVE-2020-8093 Injection vulnerability in Bitdefender Antivirus
A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution
local
low complexity
bitdefender CWE-74
4.6
2020-01-30 CVE-2020-8092 Improper Privilege Management vulnerability in Bitdefender Antivirus
A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud.
local
low complexity
bitdefender CWE-269
2.1
2020-01-27 CVE-2019-17099 Untrusted Search Path vulnerability in Bitdefender Endpoint Security Tools
An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path.
4.4
2020-01-27 CVE-2019-17095 OS Command Injection vulnerability in Bitdefender BOX 2 Firmware 2.1.47.42/2.1.53.45
A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45.
network
low complexity
bitdefender CWE-78
critical
10.0