Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Total_security
(Bitdefender)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 19 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-10-18 | CVE-2023-49567 | A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. The product trusts certificates that are issued using the MD5 and SHA1 collision hash functions which allow attackers to create rogue certificates that appear legitimate. | Total_security | 6.8 | ||
| 2024-10-18 | CVE-2023-6055 | A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates. Specifically, if a site certificate lacks the "Server Authentication" specification in the Extended Key Usage extension, the product does not verify the certificate's compliance with the site, deeming such certificates as valid. This flaw could allow an attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and... | Total_security | 7.4 | ||
| 2024-10-18 | CVE-2023-6056 | A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without proper validation, allowing an attacker to establish MITM SSL connections to arbitrary sites. | Total_security | 7.4 | ||
| 2024-10-18 | CVE-2023-6058 | A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the product trusting the certificate for subsequent HTTPS scans. This vulnerability allows an attacker to perform a Man-in-the-Middle (MITM) attack by using a self-signed certificate, which the product will trust after the site has been added to... | Total_security | 6.8 | ||
| 2024-10-18 | CVE-2023-49570 | A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't authorized to issue certificates. This occurs when the "Basic Constraints" extension in the certificate indicates that it is meant to be an "End Entityā€¯. This flaw could allow an attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and potentially altering communications between the user and the website. | Total_security | 7.4 | ||
| 2019-07-30 | CVE-2019-14242 | An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. A local attacker with administrator privileges can create a malicious DLL file in %SystemRoot%\System32\ that will be executed with local user privileges. | Antivirus_plus, Endpoint_security_tool, Internet_security, Total_security | 6.7 | ||
| 2017-08-29 | CVE-2017-10950 | This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security 21.0.24.62. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within processing of the 0x8000E038 IOCTL in the bdfwfpf driver. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker... | Total_security | 7.0 | ||
| 2017-03-21 | CVE-2017-6186 | Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Bitdefender process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier... | Antivirus_plus, Internet_security, Total_security | 6.7 | ||
| 2018-03-12 | CVE-2018-6183 | BitDefender Total Security 2018 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of an "insecurely created named pipe". Ensures full access to Everyone users group. | Total_security | 7.8 | ||
| 2007-11-01 | CVE-2007-5775 | Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | Antivirus, Internet_security, Total_security | N/A |