Lucene search
K
BitdefenderTotal Security

20 matches found

CVE
CVE
added 2022/03/07 11:30 a.m.115 views

CVE-2021-4198

CVE-2021-4198 is a NULL pointer dereference in Bitdefender’s messaging_ipc.dll affecting multiple Bitdefender products. Affected versions include Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, and VPN Standalone, with vulnerable build dates prior to 26.0.3.29 (and End...

6.1CVSS6.1AI score0.00557EPSS
CVE
CVE
added 2022/03/07 11:35 a.m.91 views

CVE-2021-4199

CVE-2021-4199 is a local privilege-escalation flaw in Bitdefender products where BDReinit.exe’s crash-handling component suffers incorrect permission assignment for a critical resource, enabling a local attacker to escalate to SYSTEM. Affected are Bitdefender Total Security, Internet Security, An...

7.8CVSS7.7AI score0.00758EPSS
CVE
CVE
added 2022/02/18 8:20 a.m.66 views

CVE-2020-8107

The CVE-2020-8107 entry concerns a vulnerability in Bitdefender Antivirus Plus (ProductAgentUI.exe) where a specially crafted DLL can tamper with product settings. Affected products are Bitdefender Antivirus Plus, Internet Security, and Total Security with versions prior to 24.0.26.136. The root ...

8.2CVSS7.6AI score0.00319EPSS
CVE
CVE
added 2024/04/01 10:6 a.m.65 views

CVE-2023-6154

CVE-2023-6154 affects Bitdefender Total Security, Internet Security, Antivirus Plus, and Antivirus Free (all reported as 27.0.25.114). Root cause: a configuration setting issue in seccenter.exe that allows an attacker to change the product’s expected behavior and potentially load a third‑party li...

7.8CVSS7.6AI score0.002EPSS
CVE
CVE
added 2007/11/01 4:4 p.m.63 views

CVE-2007-5775

CVE-2007-5775 affects BitDefender Online Scanner ActiveX controls (OScan.ocx / OScan8.ocx). The vulnerability is a buffer overflow in the ActiveX control’s InitX/InitX-like handling and related Unicode processing, caused by improper validation and a double Unicode decoding, enabling a remote atta...

9.8CVSS7.5AI score0.26909EPSS
CVE
CVE
added 2021/10/28 1:50 p.m.62 views

CVE-2021-3579

CVE-2021-3579 affects Bitdefender Endpoint Security Tools for Windows and Bitdefender Total Security prior to 7.2.1.65. The issue is an Incorrect Default Permissions in the bdservicehost.exe and Vulnerability.Scan.exe components, enabling a local attacker to escalate privileges to NT AUTHORITY\SY...

7.8CVSS7.4AI score0.00708EPSS
CVE
CVE
added 2024/10/18 7:59 a.m.61 views

CVE-2023-49567

The CVE concerns Bitdefender Total Security HTTPS scanning that incorrectly validates site certificates, allowing MITM SSL connections. Affected software: Bitdefender Total Security (HTTPS scanning component). Root cause: trust of certificates issued using MD5 and SHA1 collision hash functions en...

8.6CVSS6.6AI score0.00179EPSS
CVE
CVE
added 2021/10/28 1:50 p.m.59 views

CVE-2021-3576

CVE-2021-3576 is a local privilege-escalation vulnerability in Bitdefender products (Endpoint Security Tools and Total Security). The root cause is an impersonation flaw where an untrusted process can impersonate the client of a pipe, enabling a local attacker to elevate to NT AUTHORITY\System. A...

7.8CVSS7.4AI score0.00942EPSS
CVE
CVE
added 2017/08/29 1:0 p.m.57 views

CVE-2017-10950

CVE-2017-10950 affects Bitdefender Total Security (bdfwfpf kernel driver). The vulnerability lies in the handling of IOCTL 0x8000E038 where the driver fails to validate the existence of an object before operating on it, enabling a local attacker to execute arbitrary code in the SYSTEM context. Ex...

7CVSS7AI score0.00344EPSS
CVE
CVE
added 2017/03/21 4:0 p.m.55 views

CVE-2017-6186

Bitdefender products Bitdefender Total Security 12.0 and earlier, Bitdefender Internet Security 12.0 and earlier, and Bitdefender Antivirus Plus 12.0 and earlier are listed as vulnerable to a local code-injection attack (CVE-2017-6186) via a DoubleAgent technique. The root cause described across ...

7.2CVSS6.5AI score0.00752EPSS
CVE
CVE
added 2023/05/24 7:53 a.m.55 views

CVE-2022-0357

CVE-2022-0357 is an Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Internet Security, and Antivirus Plus. The issue allows local privilege escalation to SYSTEM. Affected products/versions are Bitdefender Total Security, Internet Se...

7.8CVSS6.9AI score0.00188EPSS
CVE
CVE
added 2024/10/18 7:17 a.m.51 views

CVE-2023-6055

CVE-2023-6055 describes a certificate validation flaw in Bitdefender Total Security’s HTTPS scanning. The vulnerability occurs when the site certificate lacks the Extended Key Usage spec for Server Authentication; the product may consider such certificates valid and proceed with TLS interception,...

8.6CVSS7.3AI score0.00239EPSS
CVE
CVE
added 2024/10/18 7:31 a.m.51 views

CVE-2023-6056

CVE-2023-6056 describes a vulnerability in Bitdefender Total Security’s HTTPS scanning that causes improper trust of self-signed certificates, specifically those signed with the RIPEMD-160 hash, without proper validation. This weakness can enable a man‑in‑the‑middle (MITM) SSL connection to arbit...

8.6CVSS7.4AI score0.00217EPSS
CVE
CVE
added 2021/06/22 2:50 p.m.49 views

CVE-2020-15732

CVE-2020-15732 is an improper certificate validation vulnerability in the Online Threat Prevention module used by several Bitdefender products (Total Security, Internet Security, Antivirus Plus). The issue potentially allows bypassing HTTP Strict Transport Security (HSTS) checks. Affected version...

7.5CVSS7.4AI score0.00537EPSS
CVE
CVE
added 2024/10/18 8:7 a.m.48 views

CVE-2023-49570

CVE-2023-49570 affects Bitdefender Total Security through HTTPS scanning trust management. The flaw arises when the product trusts a certificate whose Basic Constraints mark it as an End Entity, enabling potential MITM where an attacker could intercept and possibly modify traffic between a user a...

8.6CVSS7.3AI score0.00209EPSS
CVE
CVE
added 2024/10/18 7:38 a.m.48 views

CVE-2023-6057

The CVE-2023-6057 entry describes a vulnerability in Bitdefender Total Security HTTPS scanning where the product incorrectly trusts certificates issued with the DSA signature algorithm due to improper certificate-chain checking. This can enable an attacker to perform MITM SSL connections to arbit...

8.6CVSS7.4AI score0.00217EPSS
CVE
CVE
added 2019/07/30 5:47 p.m.47 views

CVE-2019-14242

CVE-2019-14242 affects Bitdefender products for Windows (Bitdefender Endpoint Security Tool < 6.6.8.115; Bitdefender Antivirus Plus/Internet Security/Total Security

7.2CVSS6.6AI score0.00554EPSS
CVE
CVE
added 2024/10/18 7:52 a.m.45 views

CVE-2023-6058

Summary: CVE-2023-6058 affects Bitdefender Safepay’s HTTPS handling. When a connection is blocked due to an untrusted server certificate, users can still add the site to exceptions, after which Safepay will trust that certificate for subsequent HTTPS scans. This creates a potential MITM path wher...

8.6CVSS6.5AI score0.00179EPSS
CVE
CVE
added 2018/03/12 9:0 p.m.42 views

CVE-2018-6183

BitDefender Total Security 2018 is affected by CVE-2018-6183. The issue allows local users to gain privileges or cause a denial of service by impersonating all channels through an insecurely created named pipe, granting full access to the Everyone group. The root cause centers on insecure named p...

7.8CVSS7.5AI score0.00305EPSS
CVE
CVE
added 2025/12/10 9:46 a.m.18 views

CVE-2025-7073

CVE-2025-7073 affects Bitdefender Total Security 27.0.46.231. The local privilege escalation stems from bdservicehost.exe deleting files in a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic-link validation. The issue is described as being chained with a file copy ope...

8.8CVSS6.4AI score0.0014EPSS