Bitdefender — Vulnerabilities & Security Advisories (73)

Browse all 73 CVE security advisories affecting Bitdefender. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Bitdefender operates primarily as a cybersecurity firm specializing in endpoint protection, antivirus software, and threat intelligence services for both consumer and enterprise markets. Its extensive product portfolio, including antivirus engines and security suites, has historically been associated with various vulnerability classes, notably remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws within its desktop applications and web interfaces. With 73 CVEs currently on record, these issues often stem from improper input validation, insecure default configurations, or memory corruption errors in legacy components. While the company maintains a robust security posture through regular updates and a dedicated bug bounty program, past incidents highlight the complexity of securing comprehensive security platforms. These vulnerabilities typically require local access or specific user interactions to exploit, though some remote vectors have been identified, emphasizing the need for diligent patch management across its diverse software ecosystem.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2021-3959 | Server-Side Request Forgery in Bitdefender GravityZone Update Server in Relay Mode (VA-10145) | GravityZone | CWE-918 | 6.8 | Medium | 2021-12-16 |
| CVE-2021-3553 | Server-Side Request Forgery in EPPUpdateService remote config file (VA-9825) | Endpoint Security Tools | CWE-918 | 5.3 | Medium | 2021-11-24 |
| CVE-2021-3554 | Improper Access Control vulnerability in the patchesUpdate API | Endpoint Security Tools for Linux | CWE-284 | 9.0 | Critical | 2021-11-24 |
| CVE-2021-3552 | Insufficient validation on regular expression in EPPUpdateService config file (VA-9825) | Endpoint Security Tools | CWE-918 | 5.3 | Medium | 2021-11-24 |
| CVE-2021-3641 | Improper Link Resolution Before File Access in Bitdefender GravityZone (VA-9921) | GravityZone | CWE-59 | 6.1 | Medium | 2021-11-09 |
| CVE-2021-3823 | Path traversal vulnerability in Bitdefender GravityZone Update Server in relay mode | GravityZone Update Server | CWE-22 | 7.1 | High | 2021-10-28 |
| CVE-2021-3576 | Privilege escalation via SeImpersonatePrivilege | Endpoint Security Tools | CWE-250 | 7.8 | High | 2021-10-28 |
| CVE-2021-3579 | Incorrect Default Permissions vulnerability in bdservicehost.exe and Vulnerability.Scan.exe | Endpoint Security Tools for Windows | CWE-276 | 7.8 | High | 2021-10-28 |
| CVE-2020-15732 | Trust management issue vulnerability in multiple Bitdefender products | Total Security | CWE-295 | 6.5 | Medium | 2021-06-22 |
| CVE-2021-3485 | Improper Input Validation in Bitdefender Endpoint Security Tools for Linux | Endpoint Security Tools for Linux | CWE-494 | 6.4 | Medium | 2021-05-24 |
| CVE-2021-3423 | Privilege escalation in Bitdefender GravityZone Business Security | GravityZone Business Security | CWE-427 | 7.8 | High | 2021-05-18 |
| CVE-2020-15734 | Same-origin policy vulnerability in Bitdefender Safepay | Safepay | CWE-346 | 5.5 | Medium | 2021-04-12 |
| CVE-2020-15293 | Memory corruption in Bitdefender Hypervisor Introspection (VA-9336) | Hypervisor Introspection | CWE-20 | 6.1 | Medium | 2020-12-17 |
| CVE-2020-15294 | Compiler Optimization Removal or Modification of Security-Critical Code vulnerability in Bitdefender Hypervisor Introspection (VA-9339) | Hypervisor Introspection | CWE-733 | 7.8 | High | 2020-12-17 |
| CVE-2020-15292 | Lack of validation on data read from guest memory in Bitdefender HVI (VA-9333) | Hypervisor Introspection | CWE-20 | 5.5 | Medium | 2020-12-17 |
| CVE-2020-15733 | URL Spoofing Vulnerability in Bitdefender SafePay (VA-8958) | Antivirus Plus | CWE-346 | 6.5 | Medium | 2020-12-14 |
| CVE-2020-15297 | Code issue vulnerability in Bitdefender Endpoint Security Tool | Bitdefender Update Server | CWE-918 | 7.1 | High | 2020-11-09 |
| CVE-2020-8110 | Bitdefender ceva_emu.cvd module denial-of-service (VA-8766) | Bitdefender Engines | CWE-824 | 5.9 | Medium | 2020-10-02 |
| CVE-2020-8109 | Bitdefender ace.xmd parser out-of-bounds write (VA-8772) | Bitdefender Engines | CWE-787 | 5.9 | Medium | 2020-10-01 |
| CVE-2020-15731 | Local Privilege Escalation in Bitdefender Engines (VA-8953) | Bitdefender Engines | CWE-20 | 3.2 | Low | 2020-09-30 |
| CVE-2020-8097 | Improper authentication vulnerability in Bitdefender Endpoint Security Tools and Endpoint Security SDK (VA-8646) | Endpoint Security Tools for Windows | CWE-287 | 8.1 | High | 2020-08-30 |
| CVE-2020-8108 | Insufficient client validation in Bitdefender Endpoint Security for Mac (VA-8759) | Endpoint Security for Mac | CWE-287 | 8.2 | High | 2020-08-03 |
| CVE-2020-8102 | Insufficient URL sanitization and validation in Safepay Browser (VA-8631) | Bitdefender Total Security 2020 | CWE-20 | 8.8 | High | 2020-06-22 |
| CVE-2020-8103 | Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8604) | Bitdefender Antivirus Free | CWE-59 | 7.2 | High | 2020-06-05 |
| CVE-2020-8100 | Incomplete validation in detection code in Bitdefender Engines (VA-8589) | Bitdefender Engines | CWE-20 | 9.0 | Critical | 2020-05-15 |
| CVE-2020-8099 | Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8387) | Antivirus Free | CWE-59 | 7.1 | High | 2020-04-21 |
| CVE-2020-8096 | Untrusted Search Path Vulnerability in High-Level Antimalware SDK | High-Level Antimalware SDK for Windows | CWE-426 | 6.3 | Medium | 2020-04-07 |
| CVE-2020-8095 | Bitdefender Total Security Link Resolution Denial-of-Service Vulnerability | Bitdefender Total Security 2020 | CWE-59 | 4.9 | Medium | 2020-01-30 |
| CVE-2020-8093 | Code Injection into Bitdefender AV for Mac | Bitdefender Antivirus for Mac | CWE-264 | 5.3 | Medium | 2020-01-29 |
| CVE-2020-8092 | Privilege escalation in Bitdefender AV for Mac | Bitdefender Antivirus for Mac | CWE-264 | 1.6 | Low | 2020-01-29 |

This page lists every published CVE security advisory associated with Bitdefender. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.