970 matches found

Cvelist
added 2020/01/27 5:23 p.m., 11 views

CVE-2019-17099 Untrusted Search Path vulnerability in EPSecurityService.exe (VA-3500)

An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163...

CVSS 5.3 | AI score 7.6 | EPSS 0.00652
Exploits: 0 | References: 1

CVE
added 2020/01/27 5:20 p.m., 60 views

CVE-2019-17095

CVE-2019-17095/17096 affect Bitdefender BOX 2 in bootstrap mode. The vulnerability stems from the bootstrap download_image path, where the device retrieves a firmware URL from nimbus.bitdefender.net via a JSON-RPC response and then shells out to curl/os.execute without validating the URL. This al...

CVSS 10 | AI score 9.3 | EPSS 0.04234
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2020/01/27 5:20 p.m., 24 views

CVE-2019-17095 Bitdefender BOX 2 bootstrap download_image command injection vulnerability

A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method /api/downloadimage unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In ord...

CVSS 8.1 | AI score 9.8 | EPSS 0.04234
Exploits: 1 | References: 1

OSV
added 2020/01/27 5:15 p.m., 2 views

CVE-2019-17096

An OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the getimageurl function in special circumstances to inject a system command...

CVSS 9.8 | AI score 7.3 | EPSS 0.02074
Exploits: 0 | References: 1

NVD
added 2020/01/27 5:15 p.m., 14 views

CVE-2019-17096

An OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the getimageurl function in special circumstances to inject a system command...

CVSS 9.8 | AI score 9.3 | EPSS 0.02074
Exploits: 0 | References: 1

Prion
added 2020/01/27 5:15 p.m., 13 views

Command injection

An OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the getimageurl function in special circumstances to inject a system command...

CVSS 9.3 | AI score 9.6 | EPSS 0.02074
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2020/01/27 2:15 p.m., 2 views

CVE-2019-17103

An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0...

CVSS 5.5 | AI score 6.1 | EPSS 0.00263
Exploits: 0 | References: 1

NVD
added 2020/01/27 2:15 p.m., 11 views

CVE-2019-17103

An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0...

CVSS 5.5 | AI score 5.1 | EPSS 0.00263
Exploits: 0 | References: 1

OSV
added 2020/01/27 2:15 p.m., 1 view

CVE-2019-17100

An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69...

CVSS 6.5 | AI score 6.8 | EPSS 0.0034
Exploits: 0 | References: 1

OSV
added 2020/01/27 2:15 p.m., 5 views

CVE-2019-17102

An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method /api/update_setup does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution of system...

CVSS 8.1 | AI score 7.4 | EPSS 0.01948
Exploits: 0 | References: 1

NVD
added 2020/01/27 2:15 p.m., 30 views

CVE-2019-17102

An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method /api/update_setup does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution of system...

CVSS 9.3 | AI score 8.4 | EPSS 0.01948
Exploits: 0 | References: 1

NVD
added 2020/01/27 2:15 p.m., 11 views

CVE-2019-17100

An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69...

CVSS 6.5 | AI score 5.9 | EPSS 0.0034
Exploits: 0 | References: 1

Prion
added 2020/01/27 2:15 p.m., 7 views

Design/Logic Flaw

An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0...

CVSS 2.1 | AI score 5.4 | EPSS 0.00263
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2020/01/27 2:15 p.m., 13 views

Race condition

An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method /api/update_setup does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution of system...

CVSS 9.3 | AI score 8.1 | EPSS 0.01948
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2020/01/27 2:15 p.m., 10 views

Design/Logic Flaw

An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69...

CVSS 4.4 | AI score 6.7 | EPSS 0.0034
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2020/01/27 2:10 p.m., 41 views

CVE-2019-17103

CVE-2019-17103 concerns an Incorrect Default Permissions issue in the BDLDaemon component of Bitdefender AV for Mac, enabling an attacker to elevate privileges to read protected directories. Affected software: Bitdefender AV for Mac, prior to version 8.0.0. Root cause: incorrect default permissio...

CVSS 5.5 | AI score 5.1 | EPSS 0.00263
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/01/27 2:10 p.m., 14 views

CVE-2019-17103 Get-task-allow entitlement via BDLDaemon on macOS

An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0...

CVSS 4.9 | AI score 5.4 | EPSS 0.00263
Exploits: 0 | References: 1

CVE
added 2020/01/27 2:5 p.m., 43 views

CVE-2019-17102

The CVE-2019-17102 issue affects Bitdefender BOX 2 bootstrapping. A TOCTTOU race condition arises in the update_setup flow: POST requests to /api/update_setup acquire an atomic lock, but the parallel forked update_setup runs install_full_ws after extracting a signed full_ws.tar.gz. An attacker ca...

CVSS 9.3 | AI score 8.2 | EPSS 0.01948
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/01/27 2:5 p.m., 27 views

CVE-2019-17102 Bitdefender BOX v2 bootstrap update_setup command execution vulnerability (VA-2226)

An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method /api/update_setup does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution of system...

CVSS 8.3 | AI score 8.4 | EPSS 0.01948
Exploits: 0 | References: 1

CVE
added 2020/01/27 1:55 p.m., 37 views

CVE-2019-17100

The CVE-2019-17100 entry describes an Untrusted Search Path vulnerability in bdserviceshost.exe used by Bitdefender Total Security 2020. The issue could allow an attacker to execute arbitrary code, via a local attack vector, on affected installations. The vulnerability does not affect Bitdefende...

CVSS 6.5 | AI score 6.2 | EPSS 0.0034
Exploits: 0 | References: 1 | Affected Software: 1