VYPR

Vendor CVEs

Bitdefender

All CVEs

114 total · sorted by risk
  • CVE-2007-5775CriNov 1, 2007
    risk 0.69cvss 9.8epss 0.27

    Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher,…

  • CVE-2017-17409HigDec 21, 2017
    risk 0.58cvss 8.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The…

  • CVE-2017-17408HigDec 21, 2017
    risk 0.58cvss 8.8epss 0.06

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The…

  • CVE-2017-10954HigOct 31, 2017
    risk 0.58cvss 8.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security Internet Security 2018 prior to build 7.72918. User interaction is required to exploit this vulnerability in that the target must visit a malicious…

  • CVE-2017-17410HigDec 21, 2017
    risk 0.57cvss 8.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The…

  • CVE-2026-10047HigJun 2, 2026
    risk 0.51cvss 7.8epss 0.00

    The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset as an index into the 1MB RealModeMemory buffer without…

  • CVE-2026-10046HigJun 2, 2026
    risk 0.51cvss 7.8epss 0.00

    Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bios_handlers.c. The handler computes a destination offset into the guest RealModeMemory buffer from…

  • CVE-2025-7073HigDec 10, 2025
    risk 0.51cvss 7.8epss 0.00

    A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback)…

  • CVE-2018-6183HigMar 12, 2018
    risk 0.51cvss 7.8epss 0.00

    BitDefender Total Security 2018 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of an "insecurely created named pipe". Ensures full access to Everyone users group.

  • CVE-2017-10950HigAug 29, 2017
    risk 0.46cvss 7.0epss 0.00

    This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security 21.0.24.62. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The…

  • CVE-2017-6186MedMar 21, 2017
    risk 0.44cvss 6.7epss 0.01

    Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any…

  • CVE-2025-2702MedMar 24, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability, which was classified as critical, has been found in Softwin WMX3 3.1. This issue affects the function ImageAdd of the file /ImageAdd.ashx. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has…

  • CVE-2014-5350Aug 19, 2014
    risk 0.08cvss epss 0.64

    Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the id parameter to webservice/CORE/downloadFullKitEpc/a/1 in the Web Console or (2) %2E%2E (encoded dot dot) in the…

  • CVE-2012-1463Mar 21, 2012
    risk 0.08cvss epss 0.94

    The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning…

  • CVE-2012-1459Mar 21, 2012
    risk 0.08cvss epss 1.00

    The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus…

  • CVE-2012-1457Mar 21, 2012
    risk 0.08cvss epss 0.98

    The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1,…

  • CVE-2012-1443Mar 21, 2012
    risk 0.08cvss epss 1.00

    The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft…

  • CVE-2012-1431Mar 21, 2012
    risk 0.08cvss epss 0.96

    The ELF file parser in Bitdefender 7.2, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and…

  • CVE-2012-1430Mar 21, 2012
    risk 0.08cvss epss 0.96

    The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising…

  • CVE-2012-1461Mar 21, 2012
    risk 0.07cvss epss 0.92

    The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7…

  • CVE-2012-1429Mar 21, 2012
    risk 0.07cvss epss 0.93

    The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly…

  • CVE-2008-5409Dec 10, 2008
    risk 0.04cvss epss 0.11

    Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Internet Security 8.5, and (3) Software602 Groupware Server 6.0.08.1118 allows remote attackers to cause a denial of service (application crash) or…

  • CVE-2008-0396Jan 23, 2008
    risk 0.04cvss epss 0.09

    Directory traversal vulnerability in BitDefender Update Server (http.exe), as used in BitDefender products including Security for Fileservers and Enterprise Manager (BDEM), allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request.

  • CVE-2007-6189Nov 30, 2007
    risk 0.04cvss epss 0.08

    A certain ActiveX control in (1) OScan8.ocx and (2) Oscan81.ocx in BitDefender Online Anti-Virus Scanner 8.0 allows remote attackers to execute arbitrary code via a long argument to the InitX method that begins with a "%%" sequence, which is misinterpreted as a Unicode string…

  • CVE-2004-1947Apr 19, 2004
    risk 0.04cvss epss 0.07

    The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that…

  • CVE-2009-0850Mar 9, 2009
    risk 0.02cvss epss 0.30

    Cross-site scripting (XSS) vulnerability in BitDefender Internet Security 2009 allows user-assisted remote attackers to inject arbitrary web script or HTML via the filename of a virus-infected file, as demonstrated by a filename inside a (1) rar or (2) zip archive file.

  • CVE-2006-6627Dec 18, 2006
    risk 0.01cvss epss 0.07

    Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5…

  • CVE-2025-5317Nov 11, 2025
    risk 0.00cvss epss 0.00

    An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 allows local users with administrative privileges to bypass the configured uninstall password protection. An unauthorized user with sudo privileges can manually…

  • CVE-2025-2245Apr 4, 2025
    risk 0.00cvss epss 0.00

    A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing…

  • CVE-2025-2243Apr 4, 2025
    risk 0.00cvss epss 0.00

    A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party…

  • CVE-2025-2244Apr 4, 2025
    risk 0.00cvss epss 0.01

    A vulnerability in the sendMailFromRemoteSource method in Emails.php  as used in Bitdefender GravityZone Console unsafely uses php unserialize() on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can trigger PHP object…

  • CVE-2024-13870Mar 12, 2025
    risk 0.00cvss epss 0.00

    An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack…

  • CVE-2024-13871Mar 12, 2025
    risk 0.00cvss epss 0.01

    A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of Bitdefender Box 1 (firmware version 1.3.11.490). This flaw allows an unauthenticated, network-adjacent attacker to execute arbitrary commands on the device, potentially leading to…

  • CVE-2024-13872Mar 12, 2025
    risk 0.00cvss epss 0.00

    Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /set_temp_token API method. Then, an…

  • CVE-2024-11128Jan 13, 2025
    risk 0.00cvss epss 0.00

    A vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for MacOS may allow .dynamic library injection (DYLD injection) without being blocked by AppleMobileFileIntegrity (AMFI). This issue is caused by the absence of Hardened Runtime or…

  • CVE-2023-49570Oct 18, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't authorized to issue certificates. This occurs when the "Basic Constraints" extension in the certificate indicates…

  • CVE-2023-49567Oct 18, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. The product trusts certificates that are…

  • CVE-2023-6058Oct 18, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the product trusting the…

  • CVE-2023-6057Oct 18, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to…

  • CVE-2023-6056Oct 18, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without proper validation,…

  • CVE-2023-6055Oct 18, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates. Specifically, if a site certificate lacks the "Server Authentication" specification in the Extended Key Usage…

  • CVE-2024-6980Jul 31, 2024
    risk 0.00cvss epss 0.01

    A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise.

  • CVE-2024-4177Jun 6, 2024
    risk 0.00cvss epss 0.00

    A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 that are running only on premise.

  • CVE-2023-42126May 3, 2024
    risk 0.00cvss epss 0.00

    G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute…

  • CVE-2024-2224Apr 9, 2024
    risk 0.00cvss epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects the following products that include…

  • CVE-2024-2223Apr 9, 2024
    risk 0.00cvss epss 0.01

    An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component:  Bitdefender Endpoint…

  • CVE-2023-6154Apr 1, 2024
    risk 0.00cvss epss 0.00

    A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library…

  • CVE-2023-3633Jul 14, 2023
    risk 0.00cvss epss 0.00

    An out-of-bounds write vulnerability in Bitdefender Engines on Windows causes the engine to crash. This issue affects Bitdefender Engines version 7.94791 and lower.

  • CVE-2022-0357May 24, 2023
    risk 0.00cvss epss 0.00

    Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM. This issue affects: Bitdefender Total Security…

  • CVE-2022-3369Nov 1, 2022
    risk 0.00cvss epss 0.00

    An Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an attacker to delete privileged registry keys by pointing a Registry symlink to a privileged key. This issue affects: Bitdefender Engines versions…

Page 1 of 3