EUVD-2024-32736

Malicious code in bioql PyPI...

CVE-2025-2245 Server Side Request Forgery in GravityZone Update Server Using Null Bytes (VA-12646)

A server-side request forgery SSRF vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte %00...

CVE-2025-2245

CVE-2025-2245 describes an SSRF in Bitdefender GravityZone Update Server when in Relay Mode. The HTTP proxy on port 7074 uses a domain allowlist but fails to sanitize hostnames containing null-byte sequences (e.g., evil.com%00.bitdefender.com), allowing an attacker to bypass the allowlist and for...

CVE-2025-2245 Server Side Request Forgery in GravityZone Update Server Using Null Bytes (VA-12646)

A server-side request forgery SSRF vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte %00...

Bitdefender GravityZone Update Server 代码问题漏洞

Bitdefender GravityZone Update Server is a solution for managing and distributing update files on the Bitdefender GravityZone administrator console from Bitdefender Romania. A code issue vulnerability exists in Bitdefender GravityZone Update Server versions prior to 3.5.2.689, which is rooted in...

CVE-2024-6980

A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise...

CVE-2024-6980 Verbose error handling issue in GravityZone Update Server proxy service

A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise...

CVE-2024-6980 Verbose error handling issue in GravityZone Update Server proxy service

A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise...

CVE-2024-4177

A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 that are running only on premise...

CVE-2024-4177

A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 that are running only on premise...

CVE-2024-2223

An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux...

PT-2024-19287 · Bitdefender · Gravityzone Control Center +3

Name of the Vulnerable Software and Affected Versions: Bitdefender Endpoint Security for Linux version 7.0.5.200089 Bitdefender Endpoint Security for Windows version 7.9.9.380 GravityZone Control Center On Premises version 6.36.1 Description: An Incorrect Regular Expression vulnerability in...

Bitdefender GravityZone Update Server 安全漏洞

Bitdefender GravityZone Update Server is a solution for managing and distributing update files on the Bitdefender GravityZone administrator console from Bitdefender Romania. A security vulnerability exists in Bitdefender GravityZone Update Server, which stems from the presence of an incorrect...

CVE-2022-0677

Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools in relay role, GravityZone in Update Server role allows an attacker to cause a Denial-of-Service. This issue affects: Bitdefender Update Server versions prior to...