Vulnerabilities > Bitdefender > Total Security > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-18 | CVE-2023-49567 | Improper Certificate Validation vulnerability in Bitdefender Total Security A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. | 6.8 |
| 2024-10-18 | CVE-2023-6058 | Improper Certificate Validation vulnerability in Bitdefender Total Security A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. | 6.8 |
| 2022-03-07 | CVE-2021-4198 | NULL Pointer Dereference vulnerability in Bitdefender products A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. | 6.1 |
| 2019-07-30 | CVE-2019-14242 | Uncontrolled Search Path Element vulnerability in Bitdefender products An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. | 6.7 |
| 2017-03-21 | CVE-2017-6186 | Code Injection vulnerability in Bitdefender Antivirus Plus, Internet Security and Total Security Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Bitdefender process via a "DoubleAgent" attack. | 6.7 |