Vulnerabilites related to bitdefender - antivirus
Vulnerability from fkie_nvd
Published
2020-01-30 18:15
Modified
2024-11-21 05:38
Severity ?
1.6 (Low) - CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitdefender | antivirus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitdefender:antivirus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDFB4761-D230-4DBB-B56A-0EC562FDF84A",
"versionEndExcluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0."
},
{
"lang": "es",
"value": "Una vulnerabilidad de escalada de privilegios en BDLDaemon como es usado en Bitdefender Antivirus para Mac, permite a un atacante local obtener tokens de autenticaci\u00f3n para peticiones enviadas hacia Bitdefender Cloud. Este problema afecta a: Bitdefender Bitdefender Antivirus para Mac versiones anteriores a 8.0.0."
}
],
"id": "CVE-2020-8092",
"lastModified": "2024-11-21T05:38:17.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 1.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.1,
"impactScore": 1.4,
"source": "cve-requests@bitdefender.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-30T18:15:12.317",
"references": [
{
"source": "cve-requests@bitdefender.com",
"tags": [
"Broken Link"
],
"url": "https://www.bitdefender.com/support/security-advisories/privilege-escalation-in-bitdefender-av-for-mac-va-3499/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.bitdefender.com/support/security-advisories/privilege-escalation-in-bitdefender-av-for-mac-va-3499/"
}
],
"sourceIdentifier": "cve-requests@bitdefender.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "cve-requests@bitdefender.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-01 11:15
Modified
2025-02-07 16:52
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitdefender | antivirus | 27.0.25.114 | |
| bitdefender | antivirus_plus | 27.0.25.114 | |
| bitdefender | internet_security | 27.0.25.114 | |
| bitdefender | total_security | 27.0.25.114 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitdefender:antivirus:27.0.25.114:*:*:*:free:*:*:*",
"matchCriteriaId": "074D439F-4C3C-4845-99BD-ABC7B47EE1B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitdefender:antivirus_plus:27.0.25.114:*:*:*:*:*:*:*",
"matchCriteriaId": "DB2FDBB0-D112-4C3A-88EB-5781603B9BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitdefender:internet_security:27.0.25.114:*:*:*:*:*:*:*",
"matchCriteriaId": "D12934F6-C291-42CC-92D0-FDDEB7BC11C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitdefender:total_security:27.0.25.114:*:*:*:*:*:*:*",
"matchCriteriaId": "BAE8BCB4-83AD-44B0-B0F7-45A43D23968B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product\u0027s expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114."
},
{
"lang": "es",
"value": "Un problema de configuraci\u00f3n en seccenter.exe tal como se usa en Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free permite a un atacante cambiar el comportamiento esperado del producto y potencialmente cargar una librer\u00eda de terceros durante la ejecuci\u00f3n. Este problema afecta a Total Security: 27.0.25.114; Seguridad de Internet: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus gratuito: 27.0.25.114."
}
],
"id": "CVE-2023-6154",
"lastModified": "2025-02-07T16:52:05.940",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "cve-requests@bitdefender.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-01T11:15:52.437",
"references": [
{
"source": "cve-requests@bitdefender.com",
"tags": [
"Vendor Advisory"
],
"url": "https://bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-total-security-va-11168/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-total-security-va-11168/"
}
],
"sourceIdentifier": "cve-requests@bitdefender.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-15"
}
],
"source": "cve-requests@bitdefender.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-610"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-11-01 16:46
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitdefender | antivirus | * | |
| bitdefender | internet_security | * | |
| bitdefender | total_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitdefender:antivirus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCC261E1-DE9F-47F6-9070-016B50D03051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitdefender:internet_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E9F5306-24DD-4922-B115-8AD7CC855897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A319AF9-3039-446A-87CF-411E87C69219",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en BitDefender ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores no especificados, tambi\u00e9n conocida como EEYEB-20071024. NOTA: a fecha de 29/10/2007, la \u00fanica revelaci\u00f3n es un vago preaviso sin informaci\u00f3n de uso inmediato. Sin embargo, dado que proviene de un investigador reputado, se le ha asignado un identificador CVE con prop\u00f3sito de seguimiento."
}
],
"id": "CVE-2007-5775",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2007-11-01T16:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://research.eeye.com/html/advisories/upcoming/20071024.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://research.eeye.com/html/advisories/upcoming/20071024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26210"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-30 00:10
Modified
2025-04-09 00:30
Severity ?
Summary
BitDefender Antivirus 2008 20080118 and earlier allows local users to cause a denial of service (system crash) via an invalid pointer to the CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitdefender | antivirus | 2008 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitdefender:antivirus:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B81AD6-3166-426E-8C88-F66821DEE17C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BitDefender Antivirus 2008 20080118 and earlier allows local users to cause a denial of service (system crash) via an invalid pointer to the CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function."
},
{
"lang": "es",
"value": "BitDefender Antivirus 2008 18-01-2008 y anteriores permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda del sistema) mediante un puntero no v\u00e1lido a la estructura CLIENT_ID en una llamada a la funci\u00f3n NtOpenProcess hooked System Service Descriptor Table (SSDT)."
}
],
"id": "CVE-2008-1735",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-30T00:10:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://kb.bitdefender.com/KB419-en--Security-vulnerability-in-BitDefender-2008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30005"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3838"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1019943"
},
{
"source": "cve@mitre.org",
"url": "http://www.coresecurity.com/?action=item\u0026id=2249"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/491405/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28741"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1384"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://kb.bitdefender.com/KB419-en--Security-vulnerability-in-BitDefender-2008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019943"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.coresecurity.com/?action=item\u0026id=2249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/491405/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42081"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-12-10 06:44
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Internet Security 8.5, and (3) Software602 Groupware Server 6.0.08.1118 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, possibly related to included compressed streams that were processed with the ASCIIHexDecode filter. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitdefender | antivirus | 10 | |
| bitdefender | bitdefender | 10 | |
| bullguard | internet_security | 8.5 | |
| software602 | groupware_server | 6.0.08.1118 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitdefender:antivirus:10:_nil_:standard:*:*:*:*:*",
"matchCriteriaId": "99345132-856D-4E53-AE8F-101308FCC42E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitdefender:bitdefender:10:_nil_:free_edition:*:*:*:*:*",
"matchCriteriaId": "62BA09A9-6D2C-4C35-BB3E-B517BCC9B6D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bullguard:internet_security:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B6B4BB76-CF3D-45E6-BB29-F4BBB547C7E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:software602:groupware_server:6.0.08.1118:*:*:*:*:*:*:*",
"matchCriteriaId": "F8EE9C8A-9417-4A5A-90A0-5F6D8EB4370B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Internet Security 8.5, and (3) Software602 Groupware Server 6.0.08.1118 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, possibly related to included compressed streams that were processed with the ASCIIHexDecode filter. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en el m\u00f3dulo pdf.xmd en (1) BitDefender Free Edition 10 y Antivirus Standard 10, (2) BullGuard Internet Security v8.5, y (3) Software602 Groupware Server v6.0.08.1118, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo PDF manipulado, seguramente relacionado con la inclusi\u00f3n de flujos comprimidos que son procesados con el filtro ASCIIHexDecode. NOTA: algunos de \u00e9stos detalles han sido obtenidos a partir de terceros."
}
],
"id": "CVE-2008-5409",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-12-10T06:44:42.423",
"references": [
{
"source": "cve@mitre.org",
"url": "http://milw0rm.com/sploits/2008-BitDefenderDOS.zip"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50010"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50103"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50205"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27805"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32789"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32814"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/32396"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46750"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/7178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://milw0rm.com/sploits/2008-BitDefenderDOS.zip"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/32396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46750"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/7178"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-30 19:15
Modified
2024-11-21 05:38
Severity ?
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitdefender | antivirus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitdefender:antivirus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDFB4761-D230-4DBB-B56A-0EC562FDF84A",
"versionEndExcluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution"
},
{
"lang": "es",
"value": "Una vulnerabilidad en el binario AntivirusforMac como es usado en Bitdefender Antivirus para Mac, le permite a un atacante inyectar una biblioteca usando la variable de entorno DYLD para causar una ejecuci\u00f3n de c\u00f3digo de terceros."
}
],
"id": "CVE-2020-8093",
"lastModified": "2024-11-21T05:38:17.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"source": "cve-requests@bitdefender.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-30T19:15:11.993",
"references": [
{
"source": "cve-requests@bitdefender.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bitdefender.com/support/security-advisories/code-injection-into-bitdefender-antivirus-for-mac-va-3441/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bitdefender.com/support/security-advisories/code-injection-into-bitdefender-antivirus-for-mac-va-3441/"
}
],
"sourceIdentifier": "cve-requests@bitdefender.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "cve-requests@bitdefender.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-27 14:15
Modified
2024-11-21 04:31
Severity ?
4.9 (Medium) - CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitdefender | antivirus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitdefender:antivirus:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "78E50F9D-A64D-4730-8286-10BA1DB6E399",
"versionEndExcluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Permisos Predeterminados Incorrectos en el componente BDLDaemon de Bitdefender AV para Mac, permite a un atacante elevar los permisos para leer directorios protegidos. Este problema afecta: Bitdefender AV para Mac versiones anteriores a 8.0.0."
}
],
"id": "CVE-2019-17103",
"lastModified": "2024-11-21T04:31:41.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 4.0,
"source": "cve-requests@bitdefender.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-27T14:15:11.090",
"references": [
{
"source": "cve-requests@bitdefender.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bitdefender.com/support/security-advisories/get-task-allow-entitlement-via-bdldaemon-macos-va-3448/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bitdefender.com/support/security-advisories/get-task-allow-entitlement-via-bdldaemon-macos-va-3448/"
}
],
"sourceIdentifier": "cve-requests@bitdefender.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "cve-requests@bitdefender.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-6154 (GCVE-0-2023-6154)
Vulnerability from cvelistv5
Published
2024-04-01 10:06
Modified
2024-08-12 18:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-15 - External Control of System or Configuration Setting
Summary
A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Bitdefender | Total Security |
Version: 27.0.25.114 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:17.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-total-security-va-11168/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bitdefender:total_security:27.0.25.114:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "total_security",
"vendor": "bitdefender",
"versions": [
{
"status": "affected",
"version": "27.0.25.114"
}
]
},
{
"cpes": [
"cpe:2.3:a:bitdefender:internet_security:27.0.25.114:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "internet_security",
"vendor": "bitdefender",
"versions": [
{
"status": "affected",
"version": "27.0.25.114"
}
]
},
{
"cpes": [
"cpe:2.3:a:bitdefender:antivirus_plus:27.0.25.114:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "antivirus_plus",
"vendor": "bitdefender",
"versions": [
{
"status": "affected",
"version": "27.0.25.114"
}
]
},
{
"cpes": [
"cpe:2.3:a:bitdefender:antivirus:27.0.25.114:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "antivirus",
"vendor": "bitdefender",
"versions": [
{
"status": "affected",
"version": "27.0.25.114"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6154",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-02T15:38:45.661553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T18:40:14.131Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Total Security",
"vendor": "Bitdefender",
"versions": [
{
"status": "affected",
"version": "27.0.25.114"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Internet Security",
"vendor": "Bitdefender",
"versions": [
{
"status": "affected",
"version": "27.0.25.114"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Antivirus Plus",
"vendor": "Bitdefender",
"versions": [
{
"status": "affected",
"version": "27.0.25.114"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Antivirus Free",
"vendor": "Bitdefender",
"versions": [
{
"status": "affected",
"version": "27.0.25.114"
}
]
}
],
"datePublic": "2024-04-01T09:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product\u0027s expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114."
}
],
"value": "A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product\u0027s expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114."
}
],
"impacts": [
{
"capecId": "CAPEC-203",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-203 Manipulate Registry Information"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-15",
"description": "CWE-15: External Control of System or Configuration Setting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-01T10:06:57.864Z",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"url": "https://bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-total-security-va-11168/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An automatic update to version\u0026nbsp;27.0.25.115 fixes the issue."
}
],
"value": "An automatic update to version\u00a027.0.25.115 fixes the issue."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local privilege escalation in Bitdefender Total Security (VA-11168)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2023-6154",
"datePublished": "2024-04-01T10:06:57.864Z",
"dateReserved": "2023-11-15T13:17:52.814Z",
"dateUpdated": "2024-08-12T18:40:14.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5409 (GCVE-0-2008-5409)
Vulnerability from cvelistv5
Published
2008-12-09 11:00
Modified
2024-08-07 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Internet Security 8.5, and (3) Software602 Groupware Server 6.0.08.1118 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, possibly related to included compressed streams that were processed with the ASCIIHexDecode filter. NOTE: some of these details are obtained from third party information.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32789"
},
{
"name": "27805",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27805"
},
{
"name": "50205",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50205"
},
{
"name": "7178",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7178"
},
{
"name": "50103",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50103"
},
{
"name": "32396",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32396"
},
{
"name": "bitdefender-pdf-dos(46750)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46750"
},
{
"name": "32814",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32814"
},
{
"name": "50010",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50010"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://milw0rm.com/sploits/2008-BitDefenderDOS.zip"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Internet Security 8.5, and (3) Software602 Groupware Server 6.0.08.1118 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, possibly related to included compressed streams that were processed with the ASCIIHexDecode filter. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32789"
},
{
"name": "27805",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27805"
},
{
"name": "50205",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50205"
},
{
"name": "7178",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7178"
},
{
"name": "50103",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50103"
},
{
"name": "32396",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32396"
},
{
"name": "bitdefender-pdf-dos(46750)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46750"
},
{
"name": "32814",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32814"
},
{
"name": "50010",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50010"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://milw0rm.com/sploits/2008-BitDefenderDOS.zip"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Internet Security 8.5, and (3) Software602 Groupware Server 6.0.08.1118 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, possibly related to included compressed streams that were processed with the ASCIIHexDecode filter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32789",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32789"
},
{
"name": "27805",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27805"
},
{
"name": "50205",
"refsource": "OSVDB",
"url": "http://osvdb.org/50205"
},
{
"name": "7178",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7178"
},
{
"name": "50103",
"refsource": "OSVDB",
"url": "http://osvdb.org/50103"
},
{
"name": "32396",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32396"
},
{
"name": "bitdefender-pdf-dos(46750)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46750"
},
{
"name": "32814",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32814"
},
{
"name": "50010",
"refsource": "OSVDB",
"url": "http://osvdb.org/50010"
},
{
"name": "http://milw0rm.com/sploits/2008-BitDefenderDOS.zip",
"refsource": "MISC",
"url": "http://milw0rm.com/sploits/2008-BitDefenderDOS.zip"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5409",
"datePublished": "2008-12-09T11:00:00",
"dateReserved": "2008-12-08T00:00:00",
"dateUpdated": "2024-08-07T10:49:12.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17103 (GCVE-0-2019-17103)
Vulnerability from cvelistv5
Published
2020-01-27 14:10
Modified
2024-09-16 19:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-276 - Incorrect Default Permissions
Summary
An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bitdefender | Bitdefender AV for Mac |
Version: unspecified < 8.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bitdefender.com/support/security-advisories/get-task-allow-entitlement-via-bdldaemon-macos-va-3448/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Bitdefender AV for Mac",
"vendor": "Bitdefender",
"versions": [
{
"lessThan": "8.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bugcrowd user Bohops"
}
],
"datePublic": "2019-12-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T14:10:17",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bitdefender.com/support/security-advisories/get-task-allow-entitlement-via-bdldaemon-macos-va-3448/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Bitdefender AV for Mac to version 8.0.0 or higher."
}
],
"source": {
"advisory": "VA-3448",
"defect": [
"VA-3448"
],
"discovery": "EXTERNAL"
},
"title": "Get-task-allow entitlement via BDLDaemon on macOS",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-requests@bitdefender.com",
"DATE_PUBLIC": "2019-12-30T10:00:00.000Z",
"ID": "CVE-2019-17103",
"STATE": "PUBLIC",
"TITLE": "Get-task-allow entitlement via BDLDaemon on macOS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bitdefender AV for Mac",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.0.0"
}
]
}
}
]
},
"vendor_name": "Bitdefender"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bugcrowd user Bohops"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bitdefender.com/support/security-advisories/get-task-allow-entitlement-via-bdldaemon-macos-va-3448/",
"refsource": "MISC",
"url": "https://www.bitdefender.com/support/security-advisories/get-task-allow-entitlement-via-bdldaemon-macos-va-3448/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Bitdefender AV for Mac to version 8.0.0 or higher."
}
],
"source": {
"advisory": "VA-3448",
"defect": [
"VA-3448"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2019-17103",
"datePublished": "2020-01-27T14:10:17.721075Z",
"dateReserved": "2019-10-02T00:00:00",
"dateUpdated": "2024-09-16T19:09:06.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8093 (GCVE-0-2020-8093)
Vulnerability from cvelistv5
Published
2020-01-29 16:05
Modified
2024-09-17 02:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Summary
A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bitdefender | Bitdefender Antivirus for Mac |
Version: unspecified < 8.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bitdefender.com/support/security-advisories/code-injection-into-bitdefender-antivirus-for-mac-va-3441/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Bitdefender Antivirus for Mac",
"vendor": "Bitdefender",
"versions": [
{
"lessThan": "8.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bugcrowd user Bohops"
}
],
"datePublic": "2020-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-29T16:05:20",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bitdefender.com/support/security-advisories/code-injection-into-bitdefender-antivirus-for-mac-va-3441/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update the Antivirus for Mac solution to version 8.0.0 or higher."
}
],
"source": {
"advisory": "VA-3441",
"defect": [
"VA-3441"
],
"discovery": "EXTERNAL"
},
"title": "Code Injection into Bitdefender AV for Mac",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-requests@bitdefender.com",
"DATE_PUBLIC": "2020-01-29T10:00:00.000Z",
"ID": "CVE-2020-8093",
"STATE": "PUBLIC",
"TITLE": "Code Injection into Bitdefender AV for Mac"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bitdefender Antivirus for Mac",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.0.0"
}
]
}
}
]
},
"vendor_name": "Bitdefender"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bugcrowd user Bohops"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bitdefender.com/support/security-advisories/code-injection-into-bitdefender-antivirus-for-mac-va-3441/",
"refsource": "MISC",
"url": "https://www.bitdefender.com/support/security-advisories/code-injection-into-bitdefender-antivirus-for-mac-va-3441/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update the Antivirus for Mac solution to version 8.0.0 or higher."
}
],
"source": {
"advisory": "VA-3441",
"defect": [
"VA-3441"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2020-8093",
"datePublished": "2020-01-29T16:05:20.241763Z",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-09-17T02:57:26.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1735 (GCVE-0-2008-1735)
Vulnerability from cvelistv5
Published
2008-04-29 23:00
Modified
2024-08-07 08:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
BitDefender Antivirus 2008 20080118 and earlier allows local users to cause a denial of service (system crash) via an invalid pointer to the CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:32:01.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1384",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1384"
},
{
"name": "3838",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3838"
},
{
"name": "30005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30005"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://kb.bitdefender.com/KB419-en--Security-vulnerability-in-BitDefender-2008.html"
},
{
"name": "bitdefender-ssdt-dos(42081)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42081"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/?action=item\u0026id=2249"
},
{
"name": "20080428 CORE-2008-0320 - Insufficient argument validation of hooked SSDT functions on multiple Antivirus and Firewalls",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/491405/100/0/threaded"
},
{
"name": "28741",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28741"
},
{
"name": "1019943",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019943"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "BitDefender Antivirus 2008 20080118 and earlier allows local users to cause a denial of service (system crash) via an invalid pointer to the CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1384",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1384"
},
{
"name": "3838",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3838"
},
{
"name": "30005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30005"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://kb.bitdefender.com/KB419-en--Security-vulnerability-in-BitDefender-2008.html"
},
{
"name": "bitdefender-ssdt-dos(42081)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42081"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/?action=item\u0026id=2249"
},
{
"name": "20080428 CORE-2008-0320 - Insufficient argument validation of hooked SSDT functions on multiple Antivirus and Firewalls",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/491405/100/0/threaded"
},
{
"name": "28741",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28741"
},
{
"name": "1019943",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019943"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BitDefender Antivirus 2008 20080118 and earlier allows local users to cause a denial of service (system crash) via an invalid pointer to the CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1384",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1384"
},
{
"name": "3838",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3838"
},
{
"name": "30005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30005"
},
{
"name": "http://kb.bitdefender.com/KB419-en--Security-vulnerability-in-BitDefender-2008.html",
"refsource": "MISC",
"url": "http://kb.bitdefender.com/KB419-en--Security-vulnerability-in-BitDefender-2008.html"
},
{
"name": "bitdefender-ssdt-dos(42081)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42081"
},
{
"name": "http://www.coresecurity.com/?action=item\u0026id=2249",
"refsource": "MISC",
"url": "http://www.coresecurity.com/?action=item\u0026id=2249"
},
{
"name": "20080428 CORE-2008-0320 - Insufficient argument validation of hooked SSDT functions on multiple Antivirus and Firewalls",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491405/100/0/threaded"
},
{
"name": "28741",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28741"
},
{
"name": "1019943",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019943"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1735",
"datePublished": "2008-04-29T23:00:00",
"dateReserved": "2008-04-11T00:00:00",
"dateUpdated": "2024-08-07T08:32:01.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5775 (GCVE-0-2007-5775)
Vulnerability from cvelistv5
Published
2007-11-01 16:04
Modified
2025-04-03 14:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26210",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26210"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://research.eeye.com/html/advisories/upcoming/20071024.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2007-5775",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T14:20:12.336376Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T14:21:35.935Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-01T16:04:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26210",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26210"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://research.eeye.com/html/advisories/upcoming/20071024.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26210",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26210"
},
{
"name": "http://research.eeye.com/html/advisories/upcoming/20071024.html",
"refsource": "MISC",
"url": "http://research.eeye.com/html/advisories/upcoming/20071024.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5775",
"datePublished": "2007-11-01T16:04:00.000Z",
"dateReserved": "2007-11-01T00:00:00.000Z",
"dateUpdated": "2025-04-03T14:21:35.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8092 (GCVE-0-2020-8092)
Vulnerability from cvelistv5
Published
2020-01-29 16:00
Modified
2024-09-17 01:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Summary
A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bitdefender | Bitdefender Antivirus for Mac |
Version: unspecified < 8.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bitdefender.com/support/security-advisories/privilege-escalation-in-bitdefender-av-for-mac-va-3499/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Bitdefender Antivirus for Mac",
"vendor": "Bitdefender",
"versions": [
{
"lessThan": "8.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bugcrowd user Bohops"
}
],
"datePublic": "2020-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 1.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-29T16:00:23",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bitdefender.com/support/security-advisories/privilege-escalation-in-bitdefender-av-for-mac-va-3499/"
}
],
"solutions": [
{
"lang": "en",
"value": "The vulnerability has been fixed in Bitdefender Antivirus for Mac version 8.0.0. An automatic update mitigates the issue."
}
],
"source": {
"advisory": "VA-3499",
"defect": [
"VA-3499"
],
"discovery": "EXTERNAL"
},
"title": "Privilege escalation in Bitdefender AV for Mac",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-requests@bitdefender.com",
"DATE_PUBLIC": "2020-01-29T10:00:00.000Z",
"ID": "CVE-2020-8092",
"STATE": "PUBLIC",
"TITLE": "Privilege escalation in Bitdefender AV for Mac"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bitdefender Antivirus for Mac",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.0.0"
}
]
}
}
]
},
"vendor_name": "Bitdefender"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bugcrowd user Bohops"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 1.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bitdefender.com/support/security-advisories/privilege-escalation-in-bitdefender-av-for-mac-va-3499/",
"refsource": "MISC",
"url": "https://www.bitdefender.com/support/security-advisories/privilege-escalation-in-bitdefender-av-for-mac-va-3499/"
}
]
},
"solution": [
{
"lang": "en",
"value": "The vulnerability has been fixed in Bitdefender Antivirus for Mac version 8.0.0. An automatic update mitigates the issue."
}
],
"source": {
"advisory": "VA-3499",
"defect": [
"VA-3499"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2020-8092",
"datePublished": "2020-01-29T16:00:23.606202Z",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-09-17T01:00:58.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}