Vendor CVEs
Bitdefender
All CVEs
114 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-18058 | | | 0.00 | — | 0.01 | | May 24, 2019 | An issue was discovered in Bitdefender Engines before 7.76662. A vulnerability has been discovered in the iso.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a division-by-zero circumstance. Paired with other vulnerabilities,… |
| CVE-2018-18059 | | | 0.00 | — | 0.01 | | May 24, 2019 | An issue was discovered in Bitdefender Engines before 7.76675. A vulnerability has been discovered in the rar.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. Paired with other… |
| CVE-2018-18060 | | | 0.00 | — | 0.01 | | May 24, 2019 | An issue was discovered in Bitdefender Engines before 7.76808. A vulnerability has been discovered in the dalvik.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. Paired with other… |
| CVE-2017-8931 | | | 0.00 | — | 0.02 | | Oct 30, 2018 | Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified vectors. |
| CVE-2018-8955 | | | 0.00 | — | 0.04 | | Oct 24, 2018 | The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing the filename while leaving the file's digital signature unchanged. |
| CVE-2010-5154 | | | 0.00 | — | 0.00 | | Aug 25, 2012 | Race condition in BitDefender Total Security 2010 13.0.20.347 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain… |
| CVE-2008-6661 | | | 0.00 | — | 0.04 | | Apr 7, 2009 | Multiple integer overflows in the scanning engine in Bitdefender for Linux 7.60825 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed (1) NeoLite and (2) ASProtect packed PE file. |
| CVE-2008-1735 | | | 0.00 | — | 0.00 | | Apr 30, 2008 | BitDefender Antivirus 2008 20080118 and earlier allows local users to cause a denial of service (system crash) via an invalid pointer to the CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function. |
| CVE-2007-0391 | | | 0.00 | — | 0.00 | | Jan 19, 2007 | Format string vulnerability in the log creation functionality of BitDefender Client Professional Plus 8.02 allows attackers to execute arbitrary code via certain scan job settings. |
| CVE-2006-6405 | | | 0.00 | — | 0.01 | | Dec 10, 2006 | BitDefender Mail Protection for SMB 2.0 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. |
| CVE-2005-3211 | | | 0.00 | — | 0.02 | | Oct 14, 2005 | Multiple interpretation error in unspecified versions of BitDefender Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as… |
| CVE-2005-3154 | | | 0.00 | — | 0.04 | | Oct 5, 2005 | Format string vulnerability in the logging functionality in BitDefender AntiVirus 7.2 through 9 allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in file or directory name. |
| CVE-2005-2298 | | | 0.00 | — | 0.01 | | Jul 19, 2005 | BitDefender Engine 1.6.1 and earlier does not properly scan all attachments, which allows remote attackers to bypass virus scanning via begin and end commands in the body of the e-mail, which BitDefender treats as a uuencoded attachment and stops scanning afterwards. |
| CVE-2005-1286 | | | 0.00 | — | 0.00 | | May 2, 2005 | Unquoted Windows search path vulnerability in BitDefender 8 allows local users to prevent BitDefender from starting by creating a malicious C:\program.exe, possibly due to the lack of quoting of the full pathname when executing a process. |