CVE-2020-15732
https://notcve.org/view.php?id=CVE-2020-15732
Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29. Una vulnerabilidad de Comprobación Inapropiada de Certificados en el módulo Online Threat Prevention tal y como es usado en Bitdefender Total Security, permite a un atacante omitir potencialmente las comprobaciones de HTTP Strict Transport Security (HSTS). • https://www.bitdefender.com/support/security-advisories/improper-certificate-validation-bitdefender-total-security-va-8957 • CWE-295: Improper Certificate Validation •
CVE-2020-15733 – URL Spoofing Vulnerability in Bitdefender SafePay (VA-8958)
https://notcve.org/view.php?id=CVE-2020-15733
An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. This issue affects: Bitdefender Antivirus Plus versions prior to 25.0.7.29. Una vulnerabilidad de Error de Comprobación de Origen en el componente SafePay de Bitdefender Antivirus Plus, permite a un recurso web mostrarse incorrectamente en la barra de URL. Este problema afecta a: Bitdefender Antivirus Plus versiones anteriores a 25.0.7.29. • https://www.bitdefender.com/support/security-advisories/url-spoofing-vulnerability-bitdefender-safepay-va-8958 • CWE-346: Origin Validation Error •
CVE-2020-8103 – Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8604)
https://notcve.org/view.php?id=CVE-2020-8103
A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178. Una vulnerabilidad en el manejo inapropiado de enlaces simbólicos en Bitdefender Antivirus Free, puede permitir a un usuario no privilegiado sustituir un archivo en cuarentena y restaurarlo en una ubicación privilegiada. Este problema afecta a Bitdefender Antivirus Free versiones anteriores a 1.0.17.178 • https://github.com/RedyOpsResearchLabs/-CVE-2020-8103-Bitdefender-Antivirus-Free-EoP https://www.bitdefender.com/support/security-advisories/link-resolution-privilege-escalation-vulnerability-bitdefender-antivirus-free-va-8604 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2020-8099 – Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8387)
https://notcve.org/view.php?id=CVE-2020-8099
A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17. Una vulnerabilidad en el manejo inapropiado de los enlaces en Bitdefender Antivirus Free, puede permitir a un usuario no privilegiado sustituir un archivo en cuarentena, y restaurarlo en una ubicación privilegiada. Este problema afecta: Bitdefender Antivirus Free versiones anteriores a la versión 1.0.17. • https://www.bitdefender.com/support/security-advisories/link-resolution-privilege-escalation-vulnerability-in-bitdefender-antivirus-free-va-8387 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2020-8093 – Code Injection into Bitdefender AV for Mac
https://notcve.org/view.php?id=CVE-2020-8093
A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution Una vulnerabilidad en el binario AntivirusforMac como es usado en Bitdefender Antivirus para Mac, le permite a un atacante inyectar una biblioteca usando la variable de entorno DYLD para causar una ejecución de código de terceros. • https://www.bitdefender.com/support/security-advisories/code-injection-into-bitdefender-antivirus-for-mac-va-3441 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-264: Permissions, Privileges, and Access Controls •