Vulnerabilities > Bitdefender > High

DATE CVE VULNERABILITY TITLE RISK
2020-08-30 CVE-2020-8097 Improper Authentication vulnerability in Bitdefender Endpoint Security and Endpoint Security Tools
An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings.
local
low complexity
bitdefender CWE-287
7.8
2020-08-03 CVE-2020-8108 Improper Authentication vulnerability in Bitdefender Endpoint Security
Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process to restart the main service and potentially inject third-party code into a trusted process.
local
low complexity
bitdefender CWE-287
8.8
2020-06-22 CVE-2020-8102 Improper Input Validation vulnerability in Bitdefender Total Security 2020 24.0.12.69
Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process.
network
low complexity
bitdefender CWE-20
8.8
2020-06-05 CVE-2020-8103 Link Following vulnerability in Bitdefender Antivirus 2020 1.0.15.138/1.0.17/1.0.17.169
Improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file and restore it to a privileged location.
local
low complexity
bitdefender CWE-59
7.1
2020-05-15 CVE-2020-8100 Improper Input Validation vulnerability in Bitdefender Engines
Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially crafted sample.
network
low complexity
bitdefender CWE-20
7.5
2020-01-30 CVE-2020-8093 Injection vulnerability in Bitdefender Antivirus
A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using a DYLD environment variable to cause third-party code execution.
local
low complexity
bitdefender CWE-74
7.8
2020-01-27 CVE-2019-17099 Untrusted Search Path vulnerability in Bitdefender Endpoint Security Tools
An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path.
local
low complexity
bitdefender CWE-426
7.8
2020-01-27 CVE-2019-17102 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Bitdefender BOX 2 Firmware
An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91.
network
high complexity
bitdefender CWE-367
8.1
2019-10-31 CVE-2019-12612 Unspecified vulnerability in Bitdefender BOX Firmware
An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API.
local
low complexity
bitdefender
7.8
2019-08-21 CVE-2019-15295 Untrusted Search Path vulnerability in Bitdefender Antivirus 2020
An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path.
local
low complexity
bitdefender CWE-426
7.8