16 matches found

CVE, added 2022/03/07 12:15 p.m., 93 views

CVE-2021-4198

A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: B...

CVSS 6.1, AI score 6.1, EPSS 0.00132

CVE, added 2022/03/07 12:15 p.m., 72 views

CVE-2021-4199

Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue ...

CVSS 7.8, AI score 7.7, EPSS 0.00576

CVE, added 2021/10/28 2:15 p.m., 50 views

CVE-2021-3579

Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM. This issue affects: Bitdefender Endpoint Securit...

CVSS 7.8, AI score 7.4, EPSS 0.00077

CVE, added 2022/02/18 9:15 a.m., 48 views

CVE-2020-8107

A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. This issue affects: Bitdefender Antivirus Plus versions prior to 24.0.26.136. Bitdefender Internet Security versions prior...

CVSS 8.2, AI score 7.6, EPSS 0.00058

CVE, added 2021/10/28 2:15 p.m., 47 views

CVE-2021-3576

Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System'. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client's security co...

CVSS 7.8, AI score 7.4, EPSS 0.00088

CVE, added 2017/03/21 4:59 p.m., 42 views

CVE-2017-6186

Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Bitdefender process via a "Do...

CVSS 7.2, AI score 6.5, EPSS 0.00156

CVE, added 2023/05/24 8:15 a.m., 41 views

CVE-2022-0357

Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10....

CVSS 7.8, AI score 6.9, EPSS 0.00039

CVE, added 2007/11/01 4:46 p.m., 39 views

CVE-2007-5775

Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned ...

CVSS 9.8, AI score 7.5, EPSS 0.07636

CVE, added 2024/10/18 8:15 a.m., 38 views

CVE-2023-6055

A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates. Specifically, if a site certificate lacks the "Server Authentication" specification in the Extended Key Usage extension, the product doe...

CVSS 8.6, AI score 7.3, EPSS 0.0004

CVE, added 2024/10/18 8:15 a.m., 38 views

CVE-2023-6057

A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to establish MITM SSL connectio...

CVSS 8.6, AI score 7.4, EPSS 0.00055

CVE, added 2024/10/18 8:15 a.m., 37 views

CVE-2023-6056

A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without proper validation, allowing an attacker to e...

CVSS 8.6, AI score 7.4, EPSS 0.00048

CVE, added 2021/06/22 3:15 p.m., 36 views

CVE-2020-15732

Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender I...

CVSS 7.5, AI score 7.4, EPSS 0.00082

CVE, added 2024/10/18 8:15 a.m., 34 views

CVE-2023-49567

A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. The product trusts certificates that are issued using the MD5 a...

CVSS 8.6, AI score 6.6, EPSS 0.00048

CVE, added 2024/10/18 9:15 a.m., 33 views

CVE-2023-49570

A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't authorized to issue certificates. This occurs when the "Basic Constraints" extension in the certificate indicates that it is meant to...

CVSS 8.6, AI score 7.3, EPSS 0.00048

CVE, added 2024/10/18 8:15 a.m., 31 views

CVE-2023-6058

A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the product trusting the certificate for subsequen...

CVSS 8.6, AI score 6.5, EPSS 0.00048

CVE, added 2019/07/30 6:15 p.m., 28 views

CVE-2019-14242

An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. A local at...

CVSS 7.2, AI score 6.6, EPSS 0.00038