CVE-2020-8096 – Untrusted Search Path Vulnerability in High-Level Antimalware SDK
https://notcve.org/view.php?id=CVE-2020-8096
Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions prior to 3.0.1.204 . Una vulnerabilidad de Ruta de Búsqueda No Confiable en Bitdefender High-Level Antimalware SDK para Windows, permite a un atacante cargar código de terceros a partir de una biblioteca DLL en la ruta de búsqueda. Este problema afecta a: Bitdefender High-Level Antimalware SDK para Windows versiones anteriores a 3.0.1.204. • https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-high-level-antimalware-sdk-windows • CWE-426: Untrusted Search Path •
CVE-2020-8095 – Bitdefender Total Security Link Resolution Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-8095
A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device. Una vulnerabilidad en el manejo inapropiado de uniones antes de la eliminación en Bitdefender Total Security 2020, puede permitir a un atacante desencadenar una denegación de servicio en el dispositivo afectado. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of BitDefender Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of junctions. By creating a junction, an attacker can abuse the service to delete arbitrary files. • https://www.bitdefender.com/support/security-advisories/bitdefender-total-security-link-resolution-denial-service-vulnerability-va-4021 https://www.zerodayinitiative.com/advisories/ZDI-20-198 • CWE-20: Improper Input Validation CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2020-8093 – Code Injection into Bitdefender AV for Mac
https://notcve.org/view.php?id=CVE-2020-8093
A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution Una vulnerabilidad en el binario AntivirusforMac como es usado en Bitdefender Antivirus para Mac, le permite a un atacante inyectar una biblioteca usando la variable de entorno DYLD para causar una ejecución de código de terceros. • https://www.bitdefender.com/support/security-advisories/code-injection-into-bitdefender-antivirus-for-mac-va-3441 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-264: Permissions, Privileges, and Access Controls •
CVE-2020-8092 – Privilege escalation in Bitdefender AV for Mac
https://notcve.org/view.php?id=CVE-2020-8092
A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0. Una vulnerabilidad de escalada de privilegios en BDLDaemon como es usado en Bitdefender Antivirus para Mac, permite a un atacante local obtener tokens de autenticación para peticiones enviadas hacia Bitdefender Cloud. Este problema afecta a: Bitdefender Bitdefender Antivirus para Mac versiones anteriores a 8.0.0. • https://www.bitdefender.com/support/security-advisories/privilege-escalation-in-bitdefender-av-for-mac-va-3499 • CWE-264: Permissions, Privileges, and Access Controls CWE-269: Improper Privilege Management •
CVE-2019-17099 – Untrusted Search Path vulnerability in EPSecurityService.exe (VA-3500)
https://notcve.org/view.php?id=CVE-2019-17099
An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163. Una vulnerabilidad de Ruta de Búsqueda No Confiable en el archivo EPSecurityService.exe como es usado en Bitdefender Endpoint Security Tools versiones anteriores a 6.6.11.163, permite a un atacante cargar un archivo DLL arbitrario desde la ruta de búsqueda. Este problema afecta a: EPSecurityService.exe de Bitdefender versiones anteriores a 6.6.11.163. • https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-epsecurityservice-exe-va-3500 • CWE-426: Untrusted Search Path •