Vulnerabilities > Bitdefender > Total Security > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-18 CVE-2023-49570 Improper Certificate Validation vulnerability in Bitdefender Total Security
A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't authorized to issue certificates.
network
high complexity
bitdefender CWE-295
7.4
2024-10-18 CVE-2023-6055 Improper Certificate Validation vulnerability in Bitdefender Total Security
A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates.
network
high complexity
bitdefender CWE-295
7.4
2024-10-18 CVE-2023-6056 Improper Certificate Validation vulnerability in Bitdefender Total Security
A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates.
network
high complexity
bitdefender CWE-295
7.4
2024-10-18 CVE-2023-6057 Unspecified vulnerability in Bitdefender Total Security
A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm.
network
high complexity
bitdefender
7.4
2023-05-24 CVE-2022-0357 Unspecified vulnerability in Bitdefender Antivirus Plus, Internet Security and Total Security
Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45.
local
low complexity
bitdefender
7.8
2022-03-07 CVE-2021-4199 Incorrect Permission Assignment for Critical Resource vulnerability in Bitdefender products
Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM.
local
low complexity
bitdefender CWE-732
7.8
2022-02-18 CVE-2020-8107 Unspecified vulnerability in Bitdefender Antivirus Plus, Internet Security and Total Security
A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file.
local
low complexity
bitdefender
7.8
2021-10-28 CVE-2021-3576 Improper Privilege Management vulnerability in Bitdefender Endpoint Security Tools and Total Security
Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System.
local
low complexity
bitdefender CWE-269
7.8
2021-10-28 CVE-2021-3579 Incorrect Default Permissions vulnerability in Bitdefender Endpoint Security Tools and Total Security
Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65.
local
low complexity
bitdefender CWE-276
7.8
2021-06-22 CVE-2020-15732 Improper Certificate Validation vulnerability in Bitdefender Antivirus Plus, Internet Security and Total Security
Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks.
network
low complexity
bitdefender CWE-295
7.5