
CVE-2020-15734 – Same-origin policy vulnerability in Bitdefender Safepay
https://notcve.org/view.php?id=CVE-2020-15734
12 Apr 2021 — An Origin Validation Error vulnerability in Bitdefender Safepay allows an attacker to manipulate the browser's file upload capability into accessing other files in the same directory or sub-directories. This issue affects: Bitdefender Safepay versions prior to 25.0.7.29. • https://www.bitdefender.com/support/security-advisories/origin-policy-vulnerability-bitdefender-safepay • CWE-346: Origin Validation Error

CVE-2020-15293 – Memory corruption in Bitdefender Hypervisor Introspection (VA-9336)
https://notcve.org/view.php?id=CVE-2020-15293
17 Dec 2020 — Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions. • https://www.bitdefender.com/support/security-advisories/memory-corruption-bitdefender-hypervisor-introspection-va-9336 • CWE-20: Improper Input Validation

CVE-2020-15294 – Compiler Optimization Removal or Modification of Security-Critical Code vulnerability in Bitdefender Hypervisor Introspection (VA-9339)
https://notcve.org/view.php?id=CVE-2020-15294
17 Dec 2020 — Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory mapped from the guest space, this may cause a race condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2. • https://www.bitdefender.com/support/security-advisories/compiler-optimization-removal-modification-security-critical-code-vulnerability-bitdefender-hypervisor-introspection-va-9339 • CWE-733: Compiler Optimization Removal or Modification of Security-critical Code

CVE-2020-15292 – Lack of validation on data read from guest memory in Bitdefender HVI (VA-9333)
https://notcve.org/view.php?id=CVE-2020-15292
17 Dec 2020 — Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer overflow (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations. • https://www.bitdefender.com/support/security-advisories/lack-validation-data-read-guest-memory-bitdefender-hvi-va-9333 • CWE-20: Improper Input Validation

CVE-2020-15733 – URL Spoofing Vulnerability in Bitdefender SafePay (VA-8958)
https://notcve.org/view.php?id=CVE-2020-15733
14 Dec 2020 — An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. This issue affects: Bitdefender Antivirus Plus versions prior to 25.0.7.29. • https://www.bitdefender.com/support/security-advisories/url-spoofing-vulnerability-bitdefender-safepay-va-8958 • CWE-346: Origin Validation Error

CVE-2020-15297
https://notcve.org/view.php?id=CVE-2020-15297
09 Nov 2020 — Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network. This issue affects: Bitdefender Update Server versions prior to 6.6.20.294. • https://www.bitdefender.com/support/security-advisories/server-side-request-forgery-bitdefender-update-server-va-9163 • CWE-918: Server-Side Request Forgery (SSRF)

CVE-2020-8110 – Bitdefender ceva_emu.cvd module denial-of-service (VA-8766)
https://notcve.org/view.php?id=CVE-2020-8110
02 Oct 2020 — A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory. This can lead to denial-of-service. This issue affects: Bitdefender Engines version 7.84897 and prior versions. • https://www.bitdefender.com/support/security-advisories/bitdefender-cevakrnl-xmd-parser-denial-of-service-va-8766 • CWE-824: Access of Uninitialized Pointer

CVE-2020-8109 – Bitdefender ace.xmd parser out-of-bounds write (VA-8772)
https://notcve.org/view.php?id=CVE-2020-8109
01 Oct 2020 — A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This can result in denial-of-service. This issue affects: Bitdefender Engines version 7.84892 and prior versions. • https://www.bitdefender.com/support/security-advisories/bitdefender-ace-xmd-parser-out-of-bounds-write-va-8772 • CWE-787: Out-of-bounds Write

CVE-2020-15731 – Local Privilege Escalation in Bitdefender Engines (VA-8953)
https://notcve.org/view.php?id=CVE-2020-15731
30 Sep 2020 — An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. This issue affects: Bitdefender Engines versions prior to 7.85448. • https://www.bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-engines-va-8953 • CWE-20: Improper Input Validation

CVE-2020-8097 – Improper authentication vulnerability in Bitdefender Endpoint Security Tools and Endpoint Security SDK (VA-8646)
https://notcve.org/view.php?id=CVE-2020-8097
30 Aug 2020 — An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. Bitdefender Endpoint Security SDK versions prior to 6.6.18.261. • https://www.bitdefender.com/support/security-advisories/improper-authentication-vulnerability-bitdefender-endpoint-security-tools-endpoint-security-sdk-va-8646 • CWE-287: Improper Authentication