CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8102 – Insufficient URL sanitization and validation in Safepay Browser (VA-8631)
https://notcve.org/view.php?id=CVE-2020-8102
Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process. This issue affects Bitdefender Total Security 2020 versions prior to 24.0.20.116. Una Vulnerabilidad de Comprobación de Entrada Inapropiada en el componente navegador Safepay de Bitdefender Total Security 2020, permite a una página web externa especialmente diseñada ejecutar comandos remotos dentro del proceso Safepay Utility. Este problema afecta a Bitdefender Total Security 2020 versiones anteriores a 24.0.20.116 • https://www.bitdefender.com/support/security-advisories/insufficient-url-sanitization-validation-safepay-browser-va-8631 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8095 – Bitdefender Total Security Link Resolution Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-8095
A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device. Una vulnerabilidad en el manejo inapropiado de uniones antes de la eliminación en Bitdefender Total Security 2020, puede permitir a un atacante desencadenar una denegación de servicio en el dispositivo afectado. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of BitDefender Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of junctions. By creating a junction, an attacker can abuse the service to delete arbitrary files. • https://www.bitdefender.com/support/security-advisories/bitdefender-total-security-link-resolution-denial-service-vulnerability-va-4021 https://www.zerodayinitiative.com/advisories/ZDI-20-198 • CWE-20: Improper Input Validation CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-17100 – Untrusted Search Path vulnerability in Bitdefender Total Security 2020 (VA-5895)
https://notcve.org/view.php?id=CVE-2019-17100
An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69. Una vulnerabilidad de Ruta de Búsqueda No Confiable en el archivo bdserviceshost.exe como es usado en Bitdefender Total Security 2020, permite a un atacante ejecutar código arbitrario. Este problema no afecta: Bitdefender Total Security versiones anteriores a 24.0.12.69. • https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-bitdefender-total-security-2020-va-5895 • CWE-426: Untrusted Search Path •