Search criteria
12 vulnerabilities found for Engines by Bitdefender
CVE-2023-3633 (GCVE-0-2023-3633)
Vulnerability from nvd – Published: 2023-07-14 19:29 – Updated: 2024-10-30 19:10
VLAI?
Title
Out of Bounds Memory Corruption Issue in CEVA Engine
Summary
An out-of-bounds write vulnerability in Bitdefender Engines on Windows causes the engine to crash. This issue affects Bitdefender Engines version 7.94791 and lower.
Severity ?
8.1 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bitdefender | Engines |
Affected:
7.94791
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.bitdefender.com/support/security-advisories/out-of-bounds-memory-corruption-issue-in-ceva-engine-va-11010"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3633",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T19:09:56.659478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T19:10:05.990Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Engines",
"vendor": "Bitdefender",
"versions": [
{
"status": "affected",
"version": "7.94791"
}
]
}
],
"datePublic": "2023-07-14T09:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An out-of-bounds write\u0026nbsp;vulnerability in Bitdefender Engines on Windows causes the engine to crash.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Bitdefender Engines version 7.94791 and lower.\u003c/span\u003e"
}
],
"value": "An out-of-bounds write\u00a0vulnerability in Bitdefender Engines on Windows causes the engine to crash.\u00a0This issue affects Bitdefender Engines version 7.94791 and lower."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-14T19:29:34.392Z",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"url": "https://www.bitdefender.com/support/security-advisories/out-of-bounds-memory-corruption-issue-in-ceva-engine-va-11010"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An automated update to engine version\u0026nbsp;\u003cspan style=\"background-color: rgb(244, 245, 247);\"\u003e7.94792 or higher fixes the issue.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "An automated update to engine version\u00a07.94792 or higher fixes the issue.\n"
}
],
"source": {
"defect": [
"VA-11010"
],
"discovery": "EXTERNAL"
},
"title": "Out of Bounds Memory Corruption Issue in CEVA Engine",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2023-3633",
"datePublished": "2023-07-14T19:29:34.392Z",
"dateReserved": "2023-07-12T08:30:01.704Z",
"dateUpdated": "2024-10-30T19:10:05.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3369 (GCVE-0-2022-3369)
Vulnerability from nvd – Published: 2022-11-01 07:45 – Updated: 2025-05-02 16:06
VLAI?
Title
Improper handling of registry symbolic links in Bitdefender Engines
Summary
An Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an attacker to delete privileged registry keys by pointing a Registry symlink to a privileged key. This issue affects: Bitdefender Engines versions prior to 7.92659. It also affects Bitdefender Antivirus Free, Bitdefender Antivirus Plus, Bitdefender Internet Security, Bitdefender Total Security, as well as Bitdefender Endpoint Security Tools for Windows with engine versions prior to 7.92659.
Severity ?
8.6 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bitdefender | Engines |
Affected:
unspecified , < 7.92659
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.bitdefender.com/support/security-advisories/improper-handling-of-registry-symbolic-links-in-bitdefender-engines-va-10562"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3369",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T16:05:49.235759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T16:06:44.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Engines",
"vendor": "Bitdefender",
"versions": [
{
"lessThan": "7.92659",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-10-31T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an attacker to delete privileged registry keys by pointing a Registry symlink to a privileged key. This issue affects: Bitdefender Engines versions prior to 7.92659. It also affects Bitdefender Antivirus Free, Bitdefender Antivirus Plus, Bitdefender Internet Security, Bitdefender Total Security, as well as Bitdefender Endpoint Security Tools for Windows with engine versions prior to 7.92659.\u003c/p\u003e"
}
],
"value": "An Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an attacker to delete privileged registry keys by pointing a Registry symlink to a privileged key. This issue affects: Bitdefender Engines versions prior to 7.92659. It also affects Bitdefender Antivirus Free, Bitdefender Antivirus Plus, Bitdefender Internet Security, Bitdefender Total Security, as well as Bitdefender Endpoint Security Tools for Windows with engine versions prior to 7.92659."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-20T09:18:28.055Z",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"url": "https://www.bitdefender.com/support/security-advisories/improper-handling-of-registry-symbolic-links-in-bitdefender-engines-va-10562"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn automatic update to Engines version 7.92659 fixes the issue.\u003c/p\u003e"
}
],
"value": "An automatic update to Engines version 7.92659 fixes the issue."
}
],
"source": {
"defect": [
"VA-10562"
],
"discovery": "EXTERNAL"
},
"title": "Improper handling of registry symbolic links in Bitdefender Engines",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2022-3369",
"datePublished": "2022-11-01T07:45:19.436Z",
"dateReserved": "2022-09-30T00:00:00.000Z",
"dateUpdated": "2025-05-02T16:06:44.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8110 (GCVE-0-2020-8110)
Vulnerability from nvd – Published: 2020-10-02 09:55 – Updated: 2024-09-16 21:03
VLAI?
Title
Bitdefender ceva_emu.cvd module denial-of-service (VA-8766)
Summary
A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory. This can lead to denial-of-service. This issue affects: Bitdefender Engines version 7.84897 and prior versions.
Severity ?
5.9 (Medium)
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bitdefender | Bitdefender Engines |
Affected:
unspecified , ≤ 7.84897
(custom)
|
Credits
David Lanzenberger
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bitdefender.com/support/security-advisories/bitdefender-cevakrnl-xmd-parser-denial-of-service-va-8766"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Bitdefender Engines",
"vendor": "Bitdefender",
"versions": [
{
"lessThanOrEqual": "7.84897",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "David Lanzenberger"
}
],
"datePublic": "2020-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory. This can lead to denial-of-service. This issue affects: Bitdefender Engines version 7.84897 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-02T09:55:17",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bitdefender.com/support/security-advisories/bitdefender-cevakrnl-xmd-parser-denial-of-service-va-8766"
}
],
"solutions": [
{
"lang": "en",
"value": "Bitdefender has issued an update in engines version 7.84897 to correct this vulnerability"
}
],
"source": {
"defect": [
"VA-8766"
],
"discovery": "EXTERNAL"
},
"title": "Bitdefender ceva_emu.cvd module denial-of-service (VA-8766)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-requests@bitdefender.com",
"DATE_PUBLIC": "2020-10-01T15:00:00.000Z",
"ID": "CVE-2020-8110",
"STATE": "PUBLIC",
"TITLE": "Bitdefender ceva_emu.cvd module denial-of-service (VA-8766)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bitdefender Engines",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.84897"
}
]
}
}
]
},
"vendor_name": "Bitdefender"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "David Lanzenberger"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory. This can lead to denial-of-service. This issue affects: Bitdefender Engines version 7.84897 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-824 Access of Uninitialized Pointer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bitdefender.com/support/security-advisories/bitdefender-cevakrnl-xmd-parser-denial-of-service-va-8766",
"refsource": "MISC",
"url": "https://www.bitdefender.com/support/security-advisories/bitdefender-cevakrnl-xmd-parser-denial-of-service-va-8766"
}
]
},
"solution": [
{
"lang": "en",
"value": "Bitdefender has issued an update in engines version 7.84897 to correct this vulnerability"
}
],
"source": {
"defect": [
"VA-8766"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2020-8110",
"datePublished": "2020-10-02T09:55:17.917005Z",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-09-16T21:03:42.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8109 (GCVE-0-2020-8109)
Vulnerability from nvd – Published: 2020-10-01 13:05 – Updated: 2024-09-17 02:27
VLAI?
Title
Bitdefender ace.xmd parser out-of-bounds write (VA-8772)
Summary
A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This can result in denial-of-service. This issue affects: Bitdefender Engines version 7.84892 and prior versions.
Severity ?
5.9 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bitdefender | Bitdefender Engines |
Affected:
unspecified , ≤ 7.84892
(custom)
|
Credits
David Lanzenberger
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bitdefender.com/support/security-advisories/bitdefender-ace-xmd-parser-out-of-bounds-write-va-8772"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Bitdefender Engines",
"vendor": "Bitdefender",
"versions": [
{
"lessThanOrEqual": "7.84892",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "David Lanzenberger"
}
],
"datePublic": "2020-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This can result in denial-of-service. This issue affects: Bitdefender Engines version 7.84892 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-01T13:05:22",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bitdefender.com/support/security-advisories/bitdefender-ace-xmd-parser-out-of-bounds-write-va-8772"
}
],
"solutions": [
{
"lang": "en",
"value": "Bitdefender has issued an update in engines version 7.84892 to correct this vulnerability"
}
],
"source": {
"defect": [
"VA-8772"
],
"discovery": "EXTERNAL"
},
"title": "Bitdefender ace.xmd parser out-of-bounds write (VA-8772)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-requests@bitdefender.com",
"DATE_PUBLIC": "2020-10-01T14:00:00.000Z",
"ID": "CVE-2020-8109",
"STATE": "PUBLIC",
"TITLE": "Bitdefender ace.xmd parser out-of-bounds write (VA-8772)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bitdefender Engines",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.84892"
}
]
}
}
]
},
"vendor_name": "Bitdefender"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "David Lanzenberger"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This can result in denial-of-service. This issue affects: Bitdefender Engines version 7.84892 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bitdefender.com/support/security-advisories/bitdefender-ace-xmd-parser-out-of-bounds-write-va-8772",
"refsource": "MISC",
"url": "https://www.bitdefender.com/support/security-advisories/bitdefender-ace-xmd-parser-out-of-bounds-write-va-8772"
}
]
},
"solution": [
{
"lang": "en",
"value": "Bitdefender has issued an update in engines version 7.84892 to correct this vulnerability"
}
],
"source": {
"defect": [
"VA-8772"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2020-8109",
"datePublished": "2020-10-01T13:05:23.197488Z",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-09-17T02:27:57.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15731 (GCVE-0-2020-15731)
Vulnerability from nvd – Published: 2020-09-30 11:55 – Updated: 2024-09-16 22:20
VLAI?
Title
Local Privilege Escalation in Bitdefender Engines (VA-8953)
Summary
An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. This issue affects: Bitdefender Engines versions prior to 7.85448.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bitdefender | Bitdefender Engines |
Affected:
unspecified , < 7.85448
(custom)
|
Credits
HOU JINGYI
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-engines-va-8953"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Bitdefender Engines",
"vendor": "Bitdefender",
"versions": [
{
"lessThan": "7.85448",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "HOU JINGYI"
}
],
"datePublic": "2020-09-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. This issue affects: Bitdefender Engines versions prior to 7.85448."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-30T11:55:17",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-engines-va-8953"
}
],
"solutions": [
{
"lang": "en",
"value": "An automatic update to Bitdefender Engines version 7.85448 fixes the issue."
}
],
"source": {
"defect": [
"VA-8953"
],
"discovery": "EXTERNAL"
},
"title": "Local Privilege Escalation in Bitdefender Engines (VA-8953)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-requests@bitdefender.com",
"DATE_PUBLIC": "2020-09-30T08:00:00.000Z",
"ID": "CVE-2020-15731",
"STATE": "PUBLIC",
"TITLE": "Local Privilege Escalation in Bitdefender Engines (VA-8953)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bitdefender Engines",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.85448"
}
]
}
}
]
},
"vendor_name": "Bitdefender"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "HOU JINGYI"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. This issue affects: Bitdefender Engines versions prior to 7.85448."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-engines-va-8953",
"refsource": "MISC",
"url": "https://www.bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-engines-va-8953"
}
]
},
"solution": [
{
"lang": "en",
"value": "An automatic update to Bitdefender Engines version 7.85448 fixes the issue."
}
],
"source": {
"defect": [
"VA-8953"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2020-15731",
"datePublished": "2020-09-30T11:55:18.065802Z",
"dateReserved": "2020-07-14T00:00:00",
"dateUpdated": "2024-09-16T22:20:25.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8100 (GCVE-0-2020-8100)
Vulnerability from nvd – Published: 2020-05-15 09:20 – Updated: 2024-09-16 20:43
VLAI?
Title
Incomplete validation in detection code in Bitdefender Engines (VA-8589)
Summary
Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. This issue affects: Bitdefender Bitdefender Engines versions prior to 7.84063.
Severity ?
9 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bitdefender | Bitdefender Engines |
Affected:
unspecified , < 7.84063
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bitdefender.com/support/security-advisories/incomplete-validation-detection-code-bitdefender-engines-va-8589/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Bitdefender Engines",
"vendor": "Bitdefender",
"versions": [
{
"lessThan": "7.84063",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. This issue affects: Bitdefender Bitdefender Engines versions prior to 7.84063."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-15T09:20:11",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bitdefender.com/support/security-advisories/incomplete-validation-detection-code-bitdefender-engines-va-8589/"
}
],
"solutions": [
{
"lang": "en",
"value": "An automatic update to engines version 7.84063 fixes the issue."
}
],
"source": {
"defect": [
"VA-8589"
],
"discovery": "EXTERNAL"
},
"title": "Incomplete validation in detection code in Bitdefender Engines (VA-8589)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-requests@bitdefender.com",
"DATE_PUBLIC": "2020-05-11T14:00:00.000Z",
"ID": "CVE-2020-8100",
"STATE": "PUBLIC",
"TITLE": "Incomplete validation in detection code in Bitdefender Engines (VA-8589)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bitdefender Engines",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.84063"
}
]
}
}
]
},
"vendor_name": "Bitdefender"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. This issue affects: Bitdefender Bitdefender Engines versions prior to 7.84063."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bitdefender.com/support/security-advisories/incomplete-validation-detection-code-bitdefender-engines-va-8589/",
"refsource": "MISC",
"url": "https://www.bitdefender.com/support/security-advisories/incomplete-validation-detection-code-bitdefender-engines-va-8589/"
}
]
},
"solution": [
{
"lang": "en",
"value": "An automatic update to engines version 7.84063 fixes the issue."
}
],
"source": {
"defect": [
"VA-8589"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2020-8100",
"datePublished": "2020-05-15T09:20:11.849876Z",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-09-16T20:43:36.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3633 (GCVE-0-2023-3633)
Vulnerability from cvelistv5 – Published: 2023-07-14 19:29 – Updated: 2024-10-30 19:10
VLAI?
Title
Out of Bounds Memory Corruption Issue in CEVA Engine
Summary
An out-of-bounds write vulnerability in Bitdefender Engines on Windows causes the engine to crash. This issue affects Bitdefender Engines version 7.94791 and lower.
Severity ?
8.1 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bitdefender | Engines |
Affected:
7.94791
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.bitdefender.com/support/security-advisories/out-of-bounds-memory-corruption-issue-in-ceva-engine-va-11010"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3633",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T19:09:56.659478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T19:10:05.990Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Engines",
"vendor": "Bitdefender",
"versions": [
{
"status": "affected",
"version": "7.94791"
}
]
}
],
"datePublic": "2023-07-14T09:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An out-of-bounds write\u0026nbsp;vulnerability in Bitdefender Engines on Windows causes the engine to crash.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Bitdefender Engines version 7.94791 and lower.\u003c/span\u003e"
}
],
"value": "An out-of-bounds write\u00a0vulnerability in Bitdefender Engines on Windows causes the engine to crash.\u00a0This issue affects Bitdefender Engines version 7.94791 and lower."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-14T19:29:34.392Z",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"url": "https://www.bitdefender.com/support/security-advisories/out-of-bounds-memory-corruption-issue-in-ceva-engine-va-11010"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An automated update to engine version\u0026nbsp;\u003cspan style=\"background-color: rgb(244, 245, 247);\"\u003e7.94792 or higher fixes the issue.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "An automated update to engine version\u00a07.94792 or higher fixes the issue.\n"
}
],
"source": {
"defect": [
"VA-11010"
],
"discovery": "EXTERNAL"
},
"title": "Out of Bounds Memory Corruption Issue in CEVA Engine",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2023-3633",
"datePublished": "2023-07-14T19:29:34.392Z",
"dateReserved": "2023-07-12T08:30:01.704Z",
"dateUpdated": "2024-10-30T19:10:05.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3369 (GCVE-0-2022-3369)
Vulnerability from cvelistv5 – Published: 2022-11-01 07:45 – Updated: 2025-05-02 16:06
VLAI?
Title
Improper handling of registry symbolic links in Bitdefender Engines
Summary
An Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an attacker to delete privileged registry keys by pointing a Registry symlink to a privileged key. This issue affects: Bitdefender Engines versions prior to 7.92659. It also affects Bitdefender Antivirus Free, Bitdefender Antivirus Plus, Bitdefender Internet Security, Bitdefender Total Security, as well as Bitdefender Endpoint Security Tools for Windows with engine versions prior to 7.92659.
Severity ?
8.6 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bitdefender | Engines |
Affected:
unspecified , < 7.92659
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.bitdefender.com/support/security-advisories/improper-handling-of-registry-symbolic-links-in-bitdefender-engines-va-10562"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3369",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T16:05:49.235759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T16:06:44.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Engines",
"vendor": "Bitdefender",
"versions": [
{
"lessThan": "7.92659",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-10-31T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an attacker to delete privileged registry keys by pointing a Registry symlink to a privileged key. This issue affects: Bitdefender Engines versions prior to 7.92659. It also affects Bitdefender Antivirus Free, Bitdefender Antivirus Plus, Bitdefender Internet Security, Bitdefender Total Security, as well as Bitdefender Endpoint Security Tools for Windows with engine versions prior to 7.92659.\u003c/p\u003e"
}
],
"value": "An Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an attacker to delete privileged registry keys by pointing a Registry symlink to a privileged key. This issue affects: Bitdefender Engines versions prior to 7.92659. It also affects Bitdefender Antivirus Free, Bitdefender Antivirus Plus, Bitdefender Internet Security, Bitdefender Total Security, as well as Bitdefender Endpoint Security Tools for Windows with engine versions prior to 7.92659."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-20T09:18:28.055Z",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"url": "https://www.bitdefender.com/support/security-advisories/improper-handling-of-registry-symbolic-links-in-bitdefender-engines-va-10562"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn automatic update to Engines version 7.92659 fixes the issue.\u003c/p\u003e"
}
],
"value": "An automatic update to Engines version 7.92659 fixes the issue."
}
],
"source": {
"defect": [
"VA-10562"
],
"discovery": "EXTERNAL"
},
"title": "Improper handling of registry symbolic links in Bitdefender Engines",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2022-3369",
"datePublished": "2022-11-01T07:45:19.436Z",
"dateReserved": "2022-09-30T00:00:00.000Z",
"dateUpdated": "2025-05-02T16:06:44.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8110 (GCVE-0-2020-8110)
Vulnerability from cvelistv5 – Published: 2020-10-02 09:55 – Updated: 2024-09-16 21:03
VLAI?
Title
Bitdefender ceva_emu.cvd module denial-of-service (VA-8766)
Summary
A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory. This can lead to denial-of-service. This issue affects: Bitdefender Engines version 7.84897 and prior versions.
Severity ?
5.9 (Medium)
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bitdefender | Bitdefender Engines |
Affected:
unspecified , ≤ 7.84897
(custom)
|
Credits
David Lanzenberger
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bitdefender.com/support/security-advisories/bitdefender-cevakrnl-xmd-parser-denial-of-service-va-8766"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Bitdefender Engines",
"vendor": "Bitdefender",
"versions": [
{
"lessThanOrEqual": "7.84897",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "David Lanzenberger"
}
],
"datePublic": "2020-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory. This can lead to denial-of-service. This issue affects: Bitdefender Engines version 7.84897 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-02T09:55:17",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bitdefender.com/support/security-advisories/bitdefender-cevakrnl-xmd-parser-denial-of-service-va-8766"
}
],
"solutions": [
{
"lang": "en",
"value": "Bitdefender has issued an update in engines version 7.84897 to correct this vulnerability"
}
],
"source": {
"defect": [
"VA-8766"
],
"discovery": "EXTERNAL"
},
"title": "Bitdefender ceva_emu.cvd module denial-of-service (VA-8766)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-requests@bitdefender.com",
"DATE_PUBLIC": "2020-10-01T15:00:00.000Z",
"ID": "CVE-2020-8110",
"STATE": "PUBLIC",
"TITLE": "Bitdefender ceva_emu.cvd module denial-of-service (VA-8766)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bitdefender Engines",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.84897"
}
]
}
}
]
},
"vendor_name": "Bitdefender"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "David Lanzenberger"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory. This can lead to denial-of-service. This issue affects: Bitdefender Engines version 7.84897 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-824 Access of Uninitialized Pointer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bitdefender.com/support/security-advisories/bitdefender-cevakrnl-xmd-parser-denial-of-service-va-8766",
"refsource": "MISC",
"url": "https://www.bitdefender.com/support/security-advisories/bitdefender-cevakrnl-xmd-parser-denial-of-service-va-8766"
}
]
},
"solution": [
{
"lang": "en",
"value": "Bitdefender has issued an update in engines version 7.84897 to correct this vulnerability"
}
],
"source": {
"defect": [
"VA-8766"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2020-8110",
"datePublished": "2020-10-02T09:55:17.917005Z",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-09-16T21:03:42.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8109 (GCVE-0-2020-8109)
Vulnerability from cvelistv5 – Published: 2020-10-01 13:05 – Updated: 2024-09-17 02:27
VLAI?
Title
Bitdefender ace.xmd parser out-of-bounds write (VA-8772)
Summary
A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This can result in denial-of-service. This issue affects: Bitdefender Engines version 7.84892 and prior versions.
Severity ?
5.9 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bitdefender | Bitdefender Engines |
Affected:
unspecified , ≤ 7.84892
(custom)
|
Credits
David Lanzenberger
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bitdefender.com/support/security-advisories/bitdefender-ace-xmd-parser-out-of-bounds-write-va-8772"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Bitdefender Engines",
"vendor": "Bitdefender",
"versions": [
{
"lessThanOrEqual": "7.84892",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "David Lanzenberger"
}
],
"datePublic": "2020-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This can result in denial-of-service. This issue affects: Bitdefender Engines version 7.84892 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-01T13:05:22",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bitdefender.com/support/security-advisories/bitdefender-ace-xmd-parser-out-of-bounds-write-va-8772"
}
],
"solutions": [
{
"lang": "en",
"value": "Bitdefender has issued an update in engines version 7.84892 to correct this vulnerability"
}
],
"source": {
"defect": [
"VA-8772"
],
"discovery": "EXTERNAL"
},
"title": "Bitdefender ace.xmd parser out-of-bounds write (VA-8772)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-requests@bitdefender.com",
"DATE_PUBLIC": "2020-10-01T14:00:00.000Z",
"ID": "CVE-2020-8109",
"STATE": "PUBLIC",
"TITLE": "Bitdefender ace.xmd parser out-of-bounds write (VA-8772)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bitdefender Engines",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.84892"
}
]
}
}
]
},
"vendor_name": "Bitdefender"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "David Lanzenberger"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This can result in denial-of-service. This issue affects: Bitdefender Engines version 7.84892 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bitdefender.com/support/security-advisories/bitdefender-ace-xmd-parser-out-of-bounds-write-va-8772",
"refsource": "MISC",
"url": "https://www.bitdefender.com/support/security-advisories/bitdefender-ace-xmd-parser-out-of-bounds-write-va-8772"
}
]
},
"solution": [
{
"lang": "en",
"value": "Bitdefender has issued an update in engines version 7.84892 to correct this vulnerability"
}
],
"source": {
"defect": [
"VA-8772"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2020-8109",
"datePublished": "2020-10-01T13:05:23.197488Z",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-09-17T02:27:57.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15731 (GCVE-0-2020-15731)
Vulnerability from cvelistv5 – Published: 2020-09-30 11:55 – Updated: 2024-09-16 22:20
VLAI?
Title
Local Privilege Escalation in Bitdefender Engines (VA-8953)
Summary
An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. This issue affects: Bitdefender Engines versions prior to 7.85448.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bitdefender | Bitdefender Engines |
Affected:
unspecified , < 7.85448
(custom)
|
Credits
HOU JINGYI
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-engines-va-8953"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Bitdefender Engines",
"vendor": "Bitdefender",
"versions": [
{
"lessThan": "7.85448",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "HOU JINGYI"
}
],
"datePublic": "2020-09-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. This issue affects: Bitdefender Engines versions prior to 7.85448."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-30T11:55:17",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-engines-va-8953"
}
],
"solutions": [
{
"lang": "en",
"value": "An automatic update to Bitdefender Engines version 7.85448 fixes the issue."
}
],
"source": {
"defect": [
"VA-8953"
],
"discovery": "EXTERNAL"
},
"title": "Local Privilege Escalation in Bitdefender Engines (VA-8953)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-requests@bitdefender.com",
"DATE_PUBLIC": "2020-09-30T08:00:00.000Z",
"ID": "CVE-2020-15731",
"STATE": "PUBLIC",
"TITLE": "Local Privilege Escalation in Bitdefender Engines (VA-8953)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bitdefender Engines",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.85448"
}
]
}
}
]
},
"vendor_name": "Bitdefender"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "HOU JINGYI"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. This issue affects: Bitdefender Engines versions prior to 7.85448."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-engines-va-8953",
"refsource": "MISC",
"url": "https://www.bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-engines-va-8953"
}
]
},
"solution": [
{
"lang": "en",
"value": "An automatic update to Bitdefender Engines version 7.85448 fixes the issue."
}
],
"source": {
"defect": [
"VA-8953"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2020-15731",
"datePublished": "2020-09-30T11:55:18.065802Z",
"dateReserved": "2020-07-14T00:00:00",
"dateUpdated": "2024-09-16T22:20:25.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8100 (GCVE-0-2020-8100)
Vulnerability from cvelistv5 – Published: 2020-05-15 09:20 – Updated: 2024-09-16 20:43
VLAI?
Title
Incomplete validation in detection code in Bitdefender Engines (VA-8589)
Summary
Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. This issue affects: Bitdefender Bitdefender Engines versions prior to 7.84063.
Severity ?
9 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bitdefender | Bitdefender Engines |
Affected:
unspecified , < 7.84063
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bitdefender.com/support/security-advisories/incomplete-validation-detection-code-bitdefender-engines-va-8589/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Bitdefender Engines",
"vendor": "Bitdefender",
"versions": [
{
"lessThan": "7.84063",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. This issue affects: Bitdefender Bitdefender Engines versions prior to 7.84063."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-15T09:20:11",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bitdefender.com/support/security-advisories/incomplete-validation-detection-code-bitdefender-engines-va-8589/"
}
],
"solutions": [
{
"lang": "en",
"value": "An automatic update to engines version 7.84063 fixes the issue."
}
],
"source": {
"defect": [
"VA-8589"
],
"discovery": "EXTERNAL"
},
"title": "Incomplete validation in detection code in Bitdefender Engines (VA-8589)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-requests@bitdefender.com",
"DATE_PUBLIC": "2020-05-11T14:00:00.000Z",
"ID": "CVE-2020-8100",
"STATE": "PUBLIC",
"TITLE": "Incomplete validation in detection code in Bitdefender Engines (VA-8589)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bitdefender Engines",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.84063"
}
]
}
}
]
},
"vendor_name": "Bitdefender"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. This issue affects: Bitdefender Bitdefender Engines versions prior to 7.84063."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bitdefender.com/support/security-advisories/incomplete-validation-detection-code-bitdefender-engines-va-8589/",
"refsource": "MISC",
"url": "https://www.bitdefender.com/support/security-advisories/incomplete-validation-detection-code-bitdefender-engines-va-8589/"
}
]
},
"solution": [
{
"lang": "en",
"value": "An automatic update to engines version 7.84063 fixes the issue."
}
],
"source": {
"defect": [
"VA-8589"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2020-8100",
"datePublished": "2020-05-15T09:20:11.849876Z",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-09-16T20:43:36.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}