Vulnerabilities > Bitdefender

DATE CVE VULNERABILITY TITLE RISK
2024-10-18 CVE-2023-49570 Improper Certificate Validation vulnerability in Bitdefender Total Security
A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't authorized to issue certificates.
network
high complexity
bitdefender CWE-295
7.4
7.4
2024-10-18 CVE-2023-49567 Improper Certificate Validation vulnerability in Bitdefender Total Security
A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site.
network
high complexity
bitdefender CWE-295
6.8
6.8
2024-10-18 CVE-2023-6055 Improper Certificate Validation vulnerability in Bitdefender Total Security
A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates.
network
high complexity
bitdefender CWE-295
7.4
7.4
2024-10-18 CVE-2023-6056 Improper Certificate Validation vulnerability in Bitdefender Total Security
A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates.
network
high complexity
bitdefender CWE-295
7.4
7.4
2024-10-18 CVE-2023-6057 Improper Certificate Validation vulnerability in Bitdefender Total Security
A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm.
network
high complexity
bitdefender CWE-295
7.4
7.4
2024-10-18 CVE-2023-6058 Improper Certificate Validation vulnerability in Bitdefender Total Security
A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections.
network
high complexity
bitdefender CWE-295
6.8
6.8
2024-06-06 CVE-2024-4177 Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Gravityzone
A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery.
network
low complexity
bitdefender CWE-918
critical
 9.8
9.8
2023-07-14 CVE-2023-3633 Out-of-bounds Write vulnerability in Bitdefender Engines
An out-of-bounds write vulnerability in Bitdefender Engines on Windows causes the engine to crash. This issue affects Bitdefender Engines version 7.94791 and lower.
network
low complexity
bitdefender CWE-787
7.5
7.5
2023-05-24 CVE-2022-0357 Unquoted Search Path or Element vulnerability in Bitdefender Antivirus Plus, Internet Security and Total Security
Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45.
local
low complexity
bitdefender CWE-428
7.8
7.8
2022-11-01 CVE-2022-3369 Improper Privilege Management vulnerability in Bitdefender Engines
An Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an attacker to delete privileged registry keys by pointing a Registry symlink to a privileged key.
local
low complexity
bitdefender CWE-269
5.5
5.5