
CVE-2020-8108 – Insufficient client validation in Bitdefender Endpoint Security for Mac (VA-8759)
https://notcve.org/view.php?id=CVE-2020-8108
03 Aug 2020 — Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process to restart the main service and potentially inject third-party code into a trusted process. This issue affects: Bitdefender Endpoint Security for Mac versions prior to 4.12.80. • https://www.bitdefender.com/support/security-advisories/insufficient-client-validation-bitdefender-endpoint-security-mac-va-8759 • CWE-287: Improper Authentication

CVE-2020-8102 – Insufficient URL sanitization and validation in Safepay Browser (VA-8631)
https://notcve.org/view.php?id=CVE-2020-8102
22 Jun 2020 — Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process. This issue affects Bitdefender Total Security 2020 versions prior to 24.0.20.116. • https://www.bitdefender.com/support/security-advisories/insufficient-url-sanitization-validation-safepay-browser-va-8631 • CWE-20: Improper Input Validation

CVE-2020-8103 – Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8604)
https://notcve.org/view.php?id=CVE-2020-8103
05 Jun 2020 — A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178. • https://github.com/RedyOpsResearchLabs/-CVE-2020-8103-Bitdefender-Antivirus-Free-EoP • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVE-2020-8100 – Incomplete validation in detection code in Bitdefender Engines (VA-8589)
https://notcve.org/view.php?id=CVE-2020-8100
15 May 2020 — Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. This issue affects: Bitdefender Bitdefender Engines versions prior to 7.84063. • https://www.bitdefender.com/support/security-advisories/incomplete-validation-detection-code-bitdefender-engines-va-8589 • CWE-20: Improper Input Validation

CVE-2020-8099 – Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8387)
https://notcve.org/view.php?id=CVE-2020-8099
21 Apr 2020 — A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17. • https://www.bitdefender.com/support/security-advisories/link-resolution-privilege-escalation-vulnerability-in-bitdefender-antivirus-free-va-8387 • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVE-2020-8096 – Untrusted Search Path Vulnerability in High-Level Antimalware SDK
https://notcve.org/view.php?id=CVE-2020-8096
07 Apr 2020 — Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions prior to 3.0.1.204. • https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-high-level-antimalware-sdk-windows • CWE-426: Untrusted Search Path

CVE-2020-8095 – Bitdefender Total Security Link Resolution Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-8095
30 Jan 2020 — A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to trigger a denial of service on the affected device. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of BitD... • https://www.bitdefender.com/support/security-advisories/bitdefender-total-security-link-resolution-denial-service-vulnerability-va-4021 • CWE-20: Improper Input Validation • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVE-2020-8093 – Code Injection into Bitdefender AV for Mac
https://notcve.org/view.php?id=CVE-2020-8093
29 Jan 2020 — A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution. • https://www.bitdefender.com/support/security-advisories/code-injection-into-bitdefender-antivirus-for-mac-va-3441 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-264: Permissions, Privileges, and Access Controls

CVE-2020-8092 – Privilege escalation in Bitdefender AV for Mac
https://notcve.org/view.php?id=CVE-2020-8092
29 Jan 2020 — A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0. • https://www.bitdefender.com/support/security-advisories/privilege-escalation-in-bitdefender-av-for-mac-va-3499 • CWE-264: Permissions, Privileges, and Access Controls • CWE-269: Improper Privilege Management

CVE-2019-17099 – Untrusted Search Path vulnerability in EPSecurityService.exe (VA-3500)
https://notcve.org/view.php?id=CVE-2019-17099
27 Jan 2020 — An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163. • https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-epsecurityservice-exe-va-3500 • CWE-426: Untrusted Search Path