Vulnerabilities > Bitdefender > Internet Security
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-24 | CVE-2022-0357 | Unquoted Search Path or Element vulnerability in Bitdefender Antivirus Plus, Internet Security and Total Security Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. | 7.8 |
| 2022-03-07 | CVE-2021-4198 | NULL Pointer Dereference vulnerability in Bitdefender products A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. | 3.6 |
| 2022-03-07 | CVE-2021-4199 | Incorrect Permission Assignment for Critical Resource vulnerability in Bitdefender products Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. | 7.2 |
| 2022-02-18 | CVE-2020-8107 | Unspecified vulnerability in Bitdefender Antivirus Plus, Internet Security and Total Security A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. local bitdefender | 4.4 |
| 2021-06-22 | CVE-2020-15732 | Improper Certificate Validation vulnerability in Bitdefender Antivirus Plus, Internet Security and Total Security Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. | 5.0 |
| 2019-07-30 | CVE-2019-14242 | Code Injection vulnerability in Bitdefender products An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. | 7.2 |
| 2017-03-21 | CVE-2017-6186 | Code Injection vulnerability in Bitdefender Antivirus Plus, Internet Security and Total Security Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Bitdefender process via a "DoubleAgent" attack. | 7.2 |
| 2009-03-09 | CVE-2009-0850 | Cross-Site Scripting vulnerability in Bitdefender Internet Security 2009 Cross-site scripting (XSS) vulnerability in BitDefender Internet Security 2009 allows user-assisted remote attackers to inject arbitrary web script or HTML via the filename of a virus-infected file, as demonstrated by a filename inside a (1) rar or (2) zip archive file. | 4.3 |
| 2007-11-01 | CVE-2007-5775 | Buffer Overflow vulnerability in BitDefender Online Scanner OScan.OCX ActiveX Control Heap Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. | 9.3 |