Vulnerabilities > Bitdefender

DATE CVE VULNERABILITY TITLE RISK
2020-01-30 CVE-2020-8095 Improper Input Validation vulnerability in Bitdefender Total Security 2020 24.0.12.69/24.0.20.116
A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to trigger a denial of service on the affected device.
local
low complexity
bitdefender CWE-20
5.5
2020-01-30 CVE-2020-8093 Injection vulnerability in Bitdefender Antivirus
A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using the DYLD environment variable to cause third-party code execution.
local
low complexity
bitdefender CWE-74
7.8
2020-01-30 CVE-2020-8092 Improper Privilege Management vulnerability in Bitdefender Antivirus
A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud.
local
low complexity
bitdefender CWE-269
5.5
2020-01-27 CVE-2019-17099 Untrusted Search Path vulnerability in Bitdefender Endpoint Security Tools
An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path.
local
low complexity
bitdefender CWE-426
7.8
2020-01-27 CVE-2019-17095 OS Command Injection vulnerability in Bitdefender BOX 2 Firmware 2.1.47.42/2.1.53.45
A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45.
network
low complexity
bitdefender CWE-78
critical
9.8
2020-01-27 CVE-2019-17096 OS Command Injection vulnerability in Bitdefender BOX 2 Firmware and Central
An OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command.
network
low complexity
bitdefender CWE-78
critical
9.8
2020-01-27 CVE-2019-17103 Incorrect Default Permissions vulnerability in Bitdefender Antivirus
An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories.
local
low complexity
bitdefender CWE-276
5.5
2020-01-27 CVE-2019-17102 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Bitdefender BOX 2 Firmware
An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91.
network
high complexity
bitdefender CWE-367
8.1
2020-01-27 CVE-2019-17100 Untrusted Search Path vulnerability in Bitdefender Total Security 2020
An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code.
local
low complexity
bitdefender CWE-426
6.5
2019-10-31 CVE-2019-12612 Unspecified vulnerability in Bitdefender BOX Firmware
An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API.
local
low complexity
bitdefender
7.8