High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-05-24	CVE-2022-0357	Unquoted Search Path or Element vulnerability in Bitdefender Antivirus Plus, Internet Security and Total Security Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. local low complexity bitdefender CWE-428	7.8
2022-03-07	CVE-2021-4199	Incorrect Permission Assignment for Critical Resource vulnerability in Bitdefender products Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. local low complexity bitdefender CWE-732	7.8
2022-02-18	CVE-2020-8107	Unspecified vulnerability in Bitdefender Antivirus Plus, Internet Security and Total Security A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. local low complexity bitdefender	7.8
2021-06-22	CVE-2020-15732	Improper Certificate Validation vulnerability in Bitdefender Antivirus Plus, Internet Security and Total Security Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. network low complexity bitdefender CWE-295	7.5