970 matches found
CVE-2019-17100
The CVE-2019-17100 entry describes an Untrusted Search Path vulnerability in bdserviceshost.exe used by Bitdefender Total Security 2020. The issue could allow an attacker to execute arbitrary code, via a local attack vector, on affected installations. The vulnerability does not affect Bitdefende...
Vulnerability Spotlight: Bitdefender BOX 2 bootstrap remote code execution vulnerabilities
Claudio Bozzato, Lilith Wyatt and Dave McDaniel of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. The Bitdefender BOX 2 contains two remote code execution vulnerabilities in its bootstrap stage. The BOX 2 is a device that protects users’ home networks from a variety of threats...
Bitdefender Command Injection Vulnerability
Bitdefender is a world-renowned antivirus program. Bitdefender has a command injection vulnerability that can be exploited by an attacker to execute system commands by mimicking an infrastructure server...
Amazon Fixes Ring Video Doorbell Flaw That Leaked Wi-Fi Credentials
UPDATE Amazon has patched a vulnerability in its Ring smart doorbell device that could allow attackers to access the owner’s Wi-Fi network credentials and potentially reconfigure the device to launch an attack on the home network, researchers have found. Researchers discovered the problem in...
CVE-2019-12612
An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API. In order to exploit this vulnerability, an attacker needs to be present on the Bitdefender BOX setup network and the Bitdefender BOX must be in setup...
Design/Logic Flaw
An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API. In order to exploit this vulnerability, an attacker needs to be present on the Bitdefender BOX setup network and the Bitdefender BOX must be in setup...
CVE-2019-12612
CVE-2019-12612 affects Bitdefender BOX firmware versions before 2.1.37.37-34. The issue allows an attacker to pass arbitrary code to the BOX appliance via the web API, requiring the attacker to be present on the BOX setup network and the BOX to be in setup mode. The connected records provide ...
CVE-2019-12611
An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that affects the general reliability of the product. Specially crafted packets sent to the miniupnpd implementation result in the device allocating memory without freeing it later. This behavior can cause the...
Information disclosure
An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that affects the general reliability of the product. Specially crafted packets sent to the miniupnpd implementation result in the device allocating memory without freeing it later. This behavior can cause the...
CVE-2019-12611
Bitdefender BOX firmware pre-2.1.37.37-34 is affected. The vulnerability lies in the miniupnpd implementation where specially crafted packets trigger memory allocation that is not freed, potentially causing the miniupnpd component to crash or the device to reboot. Impact is described as availabil...
Stealth Falcon Targets Middle East with Windows BITS Feature
The notorious Stealth Falcon cyberespionage group has adopted a new backdoor using the Windows Background Intelligent Transfer Service (BITS) in its ongoing spyware attacks against journalists, activists and dissidents in the Middle East. According to researchers at ESET, attackers are exploiting t...
Bitdefender Antivirus Free Code Issue Vulnerability
Bitdefender Antivirus Free is a free version of the Romanian company Bitdefender's suite of antivirus programs that provide mainly cyber threat detection and ransomware protection. Bitdefender Antivirus Free is vulnerable to a code issue. The vulnerability arises from an improperly designed or...
A vulnerability in the ServiceInstance.dll library in the Bitdefender Antivirus Free 2020 antivirus software allows a malicious actor to escalate their privileges.
The vulnerability in the ServiceInstance.dll library of the Bitdefender Antivirus Free 2020 antivirus tool is related to errors in checking the paths of dynamically loaded libraries. Exploiting this vulnerability can allow attackers to escalate their privileges...
CVE-2019-15295
An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path...
Design/Logic Flaw
An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path...