Bitdefender: Security Vulnerabilities
Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions prior to 3.0.1.204 .
CVSS Score
6.3
EPSS Score
0.003
Published
2020-04-07
A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device.
CVSS Score
4.9
EPSS Score
0.005
Published
2020-01-30
A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution
CVSS Score
5.3
EPSS Score
0.004
Published
2020-01-30
A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0.
CVSS Score
1.6
EPSS Score
0.003
Published
2020-01-30
A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method `/api/download_image` unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In order to exploit the condition, an unauthenticated attacker should impersonate a infrastructure server to trigger this vulnerability.
CVSS Score
8.1
EPSS Score
0.042
Published
2020-01-27
An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163.
CVSS Score
5.3
EPSS Score
0.007
Published
2020-01-27
A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command.
CVSS Score
9.0
EPSS Score
0.021
Published
2020-01-27
An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0.
CVSS Score
4.9
EPSS Score
0.003
Published
2020-01-27
An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69.
CVSS Score
5.2
EPSS Score
0.003
Published
2020-01-27
An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution of system commands. This issue affects: Bitdefender Bitdefender BOX 2 versions prior to 2.1.47.36.
CVSS Score
8.3
EPSS Score
0.019
Published
2020-01-27