CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8094 – Untrusted Search Path Vulnerability in Bitdefender Antivirus Free 2020 (VA-8422)
https://notcve.org/view.php?id=CVE-2020-8094
15 Jan 2025 — An untrusted search path vulnerability in testinitsigs.exe as used in Bitdefender Antivirus Free 2020 allows a low-privilege attacker to execute code as SYSTEM via a specially crafted DLL file. • https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-bitdefender-antivirus-free-2020-va-8422 • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-6154 – Local privilege escalation in Bitdefender Total Security (VA-11168)
https://notcve.org/view.php?id=CVE-2023-6154
01 Apr 2024 — A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114. Un problema de configuración en seccenter.exe tal como se usa en Bitdefender Total... • https://bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-total-security-va-11168 • CWE-15: External Control of System or Configuration Setting •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-0357 – Improper Quoting Path Issue in Bitdefender Total Security
https://notcve.org/view.php?id=CVE-2022-0357
24 May 2023 — Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdef... • https://www.bitdefender.com/support/security-advisories/improper-quoting-path-issue-in-bitdefender-total-security • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-4199 – Incorrect Permission Assignment for Critical Resource vulnerability in BDReinit.exe (VA-10017)
https://notcve.org/view.php?id=CVE-2021-4199
07 Mar 2022 — Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. Bitdefender Endpoint Security ... • https://www.bitdefender.com/support/security-advisories/incorrect-permission-assignment-for-critical-resource-vulnerability-in-bdreinit-exe-va-10017 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-4198 – messaging_ipc.dll NULL Pointer Dereference in multiple Bitdefender products (VA-10016)
https://notcve.org/view.php?id=CVE-2021-4198
07 Mar 2022 — A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools version... • https://www.bitdefender.com/support/security-advisories/messaging_ipc-dll-null-pointer-dereference-in-multiple-bitdefender-products-va-10016 • CWE-476: NULL Pointer Dereference •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2020-8107 – Process Control vulnerability in Bitdefender Antivirus Plus
https://notcve.org/view.php?id=CVE-2020-8107
18 Feb 2022 — A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. This issue affects: Bitdefender Antivirus Plus versions prior to 24.0.26.136. Bitdefender Internet Security versions prior to 24.0.26.136. Bitdefender Total Security versions prior to 24.0.26.136. Una vulnerabilidad de Control de Procesos en ProductAgentUI.exe usado en Bitdefender Antivirus Plus permite a un atacante manipular la con... • https://www.bitdefender.com/support/security-advisories/process-control-vulnerability-bitdefender-antivirus-plus-va-8709 • CWE-114: Process Control •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-15732
https://notcve.org/view.php?id=CVE-2020-15732
22 Jun 2021 — Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29. Una vulnerabilidad de Comprobación Inapropiada de Certificados en el módulo Online Threat Prevention tal y como... • https://www.bitdefender.com/support/security-advisories/improper-certificate-validation-bitdefender-total-security-va-8957 • CWE-295: Improper Certificate Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15733 – URL Spoofing Vulnerability in Bitdefender SafePay (VA-8958)
https://notcve.org/view.php?id=CVE-2020-15733
14 Dec 2020 — An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. This issue affects: Bitdefender Antivirus Plus versions prior to 25.0.7.29. Una vulnerabilidad de Error de Comprobación de Origen en el componente SafePay de Bitdefender Antivirus Plus, permite a un recurso web mostrarse incorrectamente en la barra de URL. Este problema afecta a: Bitdefender Antivirus Plus versiones anteriores a 25.0.7.29. • https://www.bitdefender.com/support/security-advisories/url-spoofing-vulnerability-bitdefender-safepay-va-8958 • CWE-346: Origin Validation Error •
CVSS: 7.2EPSS: 1%CPEs: 1EXPL: 1CVE-2020-8103 – Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8604)
https://notcve.org/view.php?id=CVE-2020-8103
05 Jun 2020 — A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178. Una vulnerabilidad en el manejo inapropiado de enlaces simbólicos en Bitdefender Antivirus Free, puede permitir a un usuario no privilegiado sustituir un archivo en cuarentena y restaurarlo en una ubicación privilegiada. Este problema afecta... • https://github.com/RedyOpsResearchLabs/-CVE-2020-8103-Bitdefender-Antivirus-Free-EoP • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8099 – Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8387)
https://notcve.org/view.php?id=CVE-2020-8099
21 Apr 2020 — A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17. Una vulnerabilidad en el manejo inapropiado de los enlaces en Bitdefender Antivirus Free, puede permitir a un usuario no privilegiado sustituir un archivo en cuarentena, y restaurarlo en una ubicación privilegiada. Este problema afecta: Bitdefender ... • https://www.bitdefender.com/support/security-advisories/link-resolution-privilege-escalation-vulnerability-in-bitdefender-antivirus-free-va-8387 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •