CVE-2023-49567

A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. The product trusts certificates that are issued using the MD5...

CVE-2023-49570 Insecure Trust of Basic Constraints certificate in Bitdefender Total Security HTTPS Scanning (VA-11210)

A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't authorized to issue certificates. This occurs when the "Basic Constraints" extension in the certificate indicates that it is meant ...

CVE-2023-49570

CVE-2023-49570 affects Bitdefender Total Security through HTTPS scanning trust management. The flaw arises when the product trusts a certificate whose Basic Constraints mark it as an End Entity, enabling potential MITM where an attacker could intercept and possibly modify traffic between a user a...

CVE-2023-49570 Insecure Trust of Basic Constraints certificate in Bitdefender Total Security HTTPS Scanning (VA-11210)

A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't authorized to issue certificates. This occurs when the "Basic Constraints" extension in the certificate indicates that it is meant ...

CVE-2023-49567 Insecure Trust of certificates using collision hash functions in Bitdefender Total Security HTTPS Scanning (VA-11239)

A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. The product trusts certificates that are issued using the MD5...

CVE-2023-49567

The CVE concerns Bitdefender Total Security HTTPS scanning that incorrectly validates site certificates, allowing MITM SSL connections. Affected software: Bitdefender Total Security (HTTPS scanning component). Root cause: trust of certificates issued using MD5 and SHA1 collision hash functions en...

CVE-2023-6058 HTTPS Certificate Validation Issue in Bitdefender Safepay (VA-11167)

A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the product trusting the certificate for...

CVE-2023-6058

Summary: CVE-2023-6058 affects Bitdefender Safepay’s HTTPS handling. When a connection is blocked due to an untrusted server certificate, users can still add the site to exceptions, after which Safepay will trust that certificate for subsequent HTTPS scans. This creates a potential MITM path wher...

CVE-2023-6058 HTTPS Certificate Validation Issue in Bitdefender Safepay (VA-11167)

A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the product trusting the certificate for...

CVE-2023-6057 Insecure Trust of DSA-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11166)

A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to establish MITM SSL...

CVE-2023-6057

The CVE-2023-6057 entry describes a vulnerability in Bitdefender Total Security HTTPS scanning where the product incorrectly trusts certificates issued with the DSA signature algorithm due to improper certificate-chain checking. This can enable an attacker to perform MITM SSL connections to arbit...

CVE-2023-6057 Insecure Trust of DSA-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11166)

A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to establish MITM SSL...

CVE-2023-6056 Insecure Trust of Self-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11164)

A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without proper validation, allowing an attacker to...

CVE-2023-6056

CVE-2023-6056 describes a vulnerability in Bitdefender Total Security’s HTTPS scanning that causes improper trust of self-signed certificates, specifically those signed with the RIPEMD-160 hash, without proper validation. This weakness can enable a man‑in‑the‑middle (MITM) SSL connection to arbit...

CVE-2023-6056 Insecure Trust of Self-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11164)

A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without proper validation, allowing an attacker to...

CVE-2023-6055 Improper Certificate Validation in Bitdefender Total Security HTTPS Scanning (VA-11158)

A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates. Specifically, if a site certificate lacks the "Server Authentication" specification in the Extended Key Usage extension, the product...

CVE-2023-6055

CVE-2023-6055 describes a certificate validation flaw in Bitdefender Total Security’s HTTPS scanning. The vulnerability occurs when the site certificate lacks the Extended Key Usage spec for Server Authentication; the product may consider such certificates valid and proceed with TLS interception,...

CVE-2023-6055 Improper Certificate Validation in Bitdefender Total Security HTTPS Scanning (VA-11158)

A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates. Specifically, if a site certificate lacks the "Server Authentication" specification in the Extended Key Usage extension, the product...

PT-2024-13750 · Bitdefender · Bitdefender Total Security

Name of the Vulnerable Software and Affected Versions: Bitdefender Total Security versions prior to the latest version Description: A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't...

Unspecified Vulnerability in Mozilla Firefox for iOS

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox for iOS prior to version 131.2, which originates when opening an external link to an HTTP website under certain circumstances, and can be exploited by...