Vulnerabilities > Bitdefender > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-18 CVE-2023-49567 Improper Certificate Validation vulnerability in Bitdefender Total Security
A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site.
network
high complexity
bitdefender CWE-295
6.8
2024-10-18 CVE-2023-6058 Improper Certificate Validation vulnerability in Bitdefender Total Security
A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections.
network
high complexity
bitdefender CWE-295
6.8
2022-11-01 CVE-2022-3369 Unspecified vulnerability in Bitdefender Engines
An Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an attacker to delete privileged registry keys by pointing a Registry symlink to a privileged key.
local
low complexity
bitdefender
5.5
2022-03-07 CVE-2021-4198 NULL Pointer Dereference vulnerability in Bitdefender products
A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files.
local
low complexity
bitdefender CWE-476
6.1
2021-11-09 CVE-2021-3641 Link Following vulnerability in Bitdefender Gravityzone
Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service.
local
low complexity
bitdefender CWE-59
6.1
2021-05-24 CVE-2021-3485 Unspecified vulnerability in Bitdefender Endpoint Security Tools 6.2.21.18
An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution.
network
high complexity
bitdefender
6.6
2021-04-12 CVE-2020-15734 Origin Validation Error vulnerability in Bitdefender Safepay 23.0.10.34
An Origin Validation Error vulnerability in Bitdefender Safepay allows an attacker to manipulate the browser's file upload capability into accessing other files in the same directory or sub-directories.
local
low complexity
bitdefender CWE-346
5.5
2020-12-17 CVE-2020-15293 Improper Input Validation vulnerability in Bitdefender Hypervisor Introspection 1.132.2
Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions.
local
low complexity
bitdefender CWE-20
5.5
2020-12-17 CVE-2020-15292 Improper Input Validation vulnerability in Bitdefender Hypervisor Introspection 1.132.0
Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations.
local
low complexity
bitdefender CWE-20
5.5
2020-12-14 CVE-2020-15733 Origin Validation Error vulnerability in Bitdefender Antivirus Plus 12.0/23.0.24.120/24.0.26.136
An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar.
network
low complexity
bitdefender CWE-346
6.5