Vulnerabilities > Bitdefender > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-18 | CVE-2021-3423 | Uncontrolled Search Path Element vulnerability in Bitdefender Gravityzone Business Security Uncontrolled Search Path Element vulnerability in the openssl component as used in Bitdefender GravityZone Business Security allows an attacker to load a third party DLL to elevate privileges. | 4.6 |
| 2020-12-17 | CVE-2020-15294 | Unspecified vulnerability in Bitdefender Hypervisor Introspection Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. local bitdefender | 4.4 |
| 2020-12-14 | CVE-2020-15733 | Origin Validation Error vulnerability in Bitdefender Antivirus Plus An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. | 4.3 |
| 2020-11-09 | CVE-2020-15297 | Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Update Server Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network. | 6.4 |
| 2020-10-02 | CVE-2020-8110 | Access of Uninitialized Pointer vulnerability in Bitdefender Engines 7.84063/7.84892/7.84897 A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory. | 5.0 |
| 2020-10-01 | CVE-2020-8109 | Out-of-bounds Write vulnerability in Bitdefender Engines 7.84063/7.84892 A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. | 5.0 |
| 2020-09-30 | CVE-2020-15731 | Improper Input Validation vulnerability in Bitdefender Engines 7.84063/7.84892/7.84897 An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. | 4.3 |
| 2020-08-30 | CVE-2020-8097 | Improper Authentication vulnerability in Bitdefender Endpoint Security and Endpoint Security Tools An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. | 4.6 |
| 2020-08-03 | CVE-2020-8108 | Improper Authentication vulnerability in Bitdefender Endpoint Security Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process to restart the main service and potentially inject third-party code into a trusted process. | 4.6 |
| 2020-06-22 | CVE-2020-8102 | Improper Input Validation vulnerability in Bitdefender Total Security 2020 24.0.12.69 Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process. | 6.8 |