Vulnerabilities > Bitdefender > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-18 CVE-2023-49567 Improper Certificate Validation vulnerability in Bitdefender Total Security
A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site.
Risk: 6.8 (network, high complexity); bitdefender CWE-295

2024-10-18 CVE-2023-6058 Improper Certificate Validation vulnerability in Bitdefender Total Security
A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections.
Risk: 6.8 (network, high complexity); bitdefender CWE-295

2022-11-01 CVE-2022-3369 Improper Privilege Management vulnerability in Bitdefender Engines
An Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an attacker to delete privileged registry keys by pointing a Registry symlink to a privileged key.
Risk: 5.5 (local, low complexity); bitdefender CWE-269

2022-03-07 CVE-2021-4198 NULL Pointer Dereference vulnerability in Bitdefender products
A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files.
Risk: 6.1 (local, low complexity); bitdefender CWE-476

2021-11-09 CVE-2021-3641 Link Following vulnerability in Bitdefender Gravityzone
Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service.
Risk: 6.1 (local, low complexity); bitdefender CWE-59

2021-05-24 CVE-2021-3485 Download of Code Without Integrity Check vulnerability in Bitdefender Endpoint Security Tools 6.2.21.18
An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution.
Risk: 6.6 (network, high complexity); bitdefender CWE-494

2021-04-12 CVE-2020-15734 Origin Validation Error vulnerability in Bitdefender Safepay 23.0.10.34
An Origin Validation Error vulnerability in Bitdefender Safepay allows an attacker to manipulate the browser's file upload capability into accessing other files in the same directory or sub-directories.
Risk: 5.5 (local, low complexity); bitdefender CWE-346

2020-12-17 CVE-2020-15293 Improper Input Validation vulnerability in Bitdefender Hypervisor Introspection 1.132.2
Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions.
Risk: 5.5 (local, low complexity); bitdefender CWE-20

2020-12-17 CVE-2020-15292 Improper Input Validation vulnerability in Bitdefender Hypervisor Introspection 1.132.0
Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds reads or cause DoS due to integer overflow (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validation.
Risk: 5.5 (local, low complexity); bitdefender CWE-20

2020-12-14 CVE-2020-15733 Origin Validation Error vulnerability in Bitdefender Antivirus Plus 12.0/23.0.24.120/24.0.26.136
An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar.
Risk: 6.5 (network, low complexity); bitdefender CWE-346