20 matches found
CVE-2021-4198
CVE-2021-4198 is a NULL pointer dereference in Bitdefender’s messaging_ipc.dll affecting multiple Bitdefender products. Affected versions include Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, and VPN Standalone, with vulnerable build dates prior to 26.0.3.29 (and End...
CVE-2021-4199
CVE-2021-4199 is a local privilege-escalation flaw in Bitdefender products where BDReinit.exe’s crash-handling component suffers incorrect permission assignment for a critical resource, enabling a local attacker to escalate to SYSTEM. Affected are Bitdefender Total Security, Internet Security, An...
CVE-2020-8107
The CVE-2020-8107 entry concerns a vulnerability in Bitdefender Antivirus Plus (ProductAgentUI.exe) where a specially crafted DLL can tamper with product settings. Affected products are Bitdefender Antivirus Plus, Internet Security, and Total Security with versions prior to 24.0.26.136. The root ...
CVE-2023-6154
CVE-2023-6154 affects Bitdefender Total Security, Internet Security, Antivirus Plus, and Antivirus Free (all reported as 27.0.25.114). Root cause: a configuration setting issue in seccenter.exe that allows an attacker to change the product’s expected behavior and potentially load a third‑party li...
CVE-2007-5775
CVE-2007-5775 affects BitDefender Online Scanner ActiveX controls (OScan.ocx / OScan8.ocx). The vulnerability is a buffer overflow in the ActiveX control’s InitX/InitX-like handling and related Unicode processing, caused by improper validation and a double Unicode decoding, enabling a remote atta...
CVE-2021-3579
CVE-2021-3579 affects Bitdefender Endpoint Security Tools for Windows and Bitdefender Total Security prior to 7.2.1.65. The issue is an Incorrect Default Permissions in the bdservicehost.exe and Vulnerability.Scan.exe components, enabling a local attacker to escalate privileges to NT AUTHORITY\SY...
CVE-2023-49567
The CVE concerns Bitdefender Total Security HTTPS scanning that incorrectly validates site certificates, allowing MITM SSL connections. Affected software: Bitdefender Total Security (HTTPS scanning component). Root cause: trust of certificates issued using MD5 and SHA1 collision hash functions en...
CVE-2021-3576
CVE-2021-3576 is a local privilege-escalation vulnerability in Bitdefender products (Endpoint Security Tools and Total Security). The root cause is an impersonation flaw where an untrusted process can impersonate the client of a pipe, enabling a local attacker to elevate to NT AUTHORITY\System. A...
CVE-2017-10950
CVE-2017-10950 affects Bitdefender Total Security (bdfwfpf kernel driver). The vulnerability lies in the handling of IOCTL 0x8000E038 where the driver fails to validate the existence of an object before operating on it, enabling a local attacker to execute arbitrary code in the SYSTEM context. Ex...
CVE-2017-6186
Bitdefender products Bitdefender Total Security 12.0 and earlier, Bitdefender Internet Security 12.0 and earlier, and Bitdefender Antivirus Plus 12.0 and earlier are listed as vulnerable to a local code-injection attack (CVE-2017-6186) via a DoubleAgent technique. The root cause described across ...
CVE-2022-0357
CVE-2022-0357 is an Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Internet Security, and Antivirus Plus. The issue allows local privilege escalation to SYSTEM. Affected products/versions are Bitdefender Total Security, Internet Se...
CVE-2023-6055
CVE-2023-6055 describes a certificate validation flaw in Bitdefender Total Security’s HTTPS scanning. The vulnerability occurs when the site certificate lacks the Extended Key Usage spec for Server Authentication; the product may consider such certificates valid and proceed with TLS interception,...
CVE-2023-6056
CVE-2023-6056 describes a vulnerability in Bitdefender Total Security’s HTTPS scanning that causes improper trust of self-signed certificates, specifically those signed with the RIPEMD-160 hash, without proper validation. This weakness can enable a man‑in‑the‑middle (MITM) SSL connection to arbit...
CVE-2020-15732
CVE-2020-15732 is an improper certificate validation vulnerability in the Online Threat Prevention module used by several Bitdefender products (Total Security, Internet Security, Antivirus Plus). The issue potentially allows bypassing HTTP Strict Transport Security (HSTS) checks. Affected version...
CVE-2023-49570
CVE-2023-49570 affects Bitdefender Total Security through HTTPS scanning trust management. The flaw arises when the product trusts a certificate whose Basic Constraints mark it as an End Entity, enabling potential MITM where an attacker could intercept and possibly modify traffic between a user a...
CVE-2023-6057
The CVE-2023-6057 entry describes a vulnerability in Bitdefender Total Security HTTPS scanning where the product incorrectly trusts certificates issued with the DSA signature algorithm due to improper certificate-chain checking. This can enable an attacker to perform MITM SSL connections to arbit...
CVE-2019-14242
CVE-2019-14242 affects Bitdefender products for Windows (Bitdefender Endpoint Security Tool < 6.6.8.115; Bitdefender Antivirus Plus/Internet Security/Total Security
CVE-2023-6058
Summary: CVE-2023-6058 affects Bitdefender Safepay’s HTTPS handling. When a connection is blocked due to an untrusted server certificate, users can still add the site to exceptions, after which Safepay will trust that certificate for subsequent HTTPS scans. This creates a potential MITM path wher...
CVE-2018-6183
BitDefender Total Security 2018 is affected by CVE-2018-6183. The issue allows local users to gain privileges or cause a denial of service by impersonating all channels through an insecurely created named pipe, granting full access to the Everyone group. The root cause centers on insecure named p...
CVE-2025-7073
CVE-2025-7073 affects Bitdefender Total Security 27.0.46.231. The local privilege escalation stems from bdservicehost.exe deleting files in a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic-link validation. The issue is described as being chained with a file copy ope...