970 matches found
Design/Logic Flaw
A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to trigger a denial of service on the affected device...
CVE-2020-8095
CVE-2020-8095 affects Bitdefender Total Security 2020, where the vulnerability lies in the incorrect handling of junctions. A local attacker with low privileges can exploit the flaw by creating a junction, abusing the service to delete arbitrary files, and causing a denial-of-service condition on...
CVE-2020-8095 Bitdefender Total Security Link Resolution Denial-of-Service Vulnerability
A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to trigger a denial of service on the affected device...
CVE-2020-8093
A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using a DYLD environment variable to cause third-party code execution...
CVE-2020-8093
A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using a DYLD environment variable to cause third-party code execution...
CVE-2020-8092
A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0...
CVE-2020-8092
A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0...
Privilege escalation
A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0...
CVE-2020-8093
Bitdefender Antivirus for Mac is affected by CVE-2020-8093 in the AntivirusforMac binary. The underlying issue allows an attacker to inject a library via the DYLD environment variable, enabling third-party code execution. This is described across multiple sources (NVD/CVE entry and vendor advisor...
CVE-2020-8093 Code Injection into Bitdefender AV for Mac
A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using a DYLD environment variable to cause third-party code execution...
CVE-2020-8092 Privilege escalation in Bitdefender AV for Mac
A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0...
CVE-2020-8092
CVE-2020-8092 affects Bitdefender Antivirus for Mac and its BDLDaemon. A privilege escalation allows a local attacker to obtain authentication tokens used for requests to the Bitdefender Cloud, impacting versions prior to 8.0.0. The root cause is a privilege/permission issue in BDLDaemon that ena...
CVE-2019-17096
CVE-2019-17096 is a Bitdefender BOX 2 bootstrap command-injection vulnerability. In the bootstrap flow, the device fetches firmware/image data via /api/download_image, which uses get_image_url() to obtain a URL from the Nimbus server and then executes a curl command to download the image. The cod...
CVE-2019-17096 Bitdefender BOX 2 bootstrap get_image_size command injection vulnerability
An OS command injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the get_image_url function in special circumstances to inject a system command...
CVE-2019-17095
A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method /api/download_image unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In ord...
CVE-2019-17099
An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163...
CVE-2019-17095
A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method /api/download_image unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In ord...
CVE-2019-17099
An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163...
Command injection
A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method /api/download_image unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In ord...
CVE-2019-17099
CVE-2019-17099 affects Bitdefender Endpoint Security Tools, specifically EPSecurityService.exe, in versions prior to 6.6.11.163. The issue is an Untrusted Search Path vulnerability that allows loading an arbitrary DLL from the search path. Evidence across sources confirms the vulnerable component...