Vulnerabilities > Bitdefender > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-14 | CVE-2023-3633 | Out-of-bounds Write vulnerability in Bitdefender Engines An out-of-bounds write vulnerability in Bitdefender Engines on Windows causes the engine to crash. This issue affects Bitdefender Engines version 7.94791 and lower. | 7.5 |
| 2023-05-24 | CVE-2022-0357 | Unquoted Search Path or Element vulnerability in Bitdefender Antivirus Plus, Internet Security and Total Security Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. | 7.8 |
| 2022-03-07 | CVE-2021-4199 | Incorrect Permission Assignment for Critical Resource vulnerability in Bitdefender products Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. | 7.2 |
| 2021-11-24 | CVE-2021-3554 | Unspecified vulnerability in Bitdefender Endpoint Security Tools and Gravityzone Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. | 7.5 |
| 2021-10-28 | CVE-2021-3576 | Improper Privilege Management vulnerability in Bitdefender Endpoint Security Tools and Total Security Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System. | 7.2 |
| 2021-10-28 | CVE-2021-3823 | Path Traversal vulnerability in Bitdefender Gravityzone Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. | 7.5 |
| 2019-10-31 | CVE-2019-12612 | Unspecified vulnerability in Bitdefender BOX Firmware An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API. | 7.2 |
| 2019-07-30 | CVE-2019-14242 | Code Injection vulnerability in Bitdefender products An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. | 7.2 |
| 2019-06-03 | CVE-2019-6737 | Unspecified vulnerability in Bitdefender Safepay 23.0.10.34 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. | 8.8 |
| 2018-10-24 | CVE-2018-8955 | Improper Verification of Cryptographic Signature vulnerability in Bitdefender Gravityzone The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing the filename while leaving the file's digital signature unchanged. | 7.5 |