187 matches found
CVE-2024-4177
A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 that are running only on premise...
CVE-2024-4177 Host whitelist parser issue in GravityZone Console On-Premise (VA-11554)
A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 that are running only on premise...
Bitdefender GravityZone Update Server Security Vulnerability
Bitdefender GravityZone Update Server is a solution from Bitdefender Romania for managing and distributing update files on the Bitdefender GravityZone administrator console. A security vulnerability exists in Bitdefender GravityZone Update Server that stems from a problem with the host whitelist...
CVE-2024-29210
A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect update checks to an...
CVE-2024-29210
CVE-2024-29210 describes a local privilege escalation in Phish Alert Button for Outlook (PAB) caused by insecure permissions on the configuration file (update server URL). An unprivileged local user can modify the configuration to point updates to a malicious server, enabling LPE in conjunction w...
CVE-2024-2224
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects the following products that include the vulnerable component...
CVE-2024-2223
An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux...
CVE-2024-2223 Incorrect Regular Expression in GravityZone Update Server (VA-11465)
An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux...
CVE-2024-2223
CVE-2024-2223 is an Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server that enables Server-Side Request Forgery and relay reconfiguration. Affected products include Bitdefender Endpoint Security for Linux (7.0.5.200089), Bitdefender Endpoint Security for Windows (...
Bitdefender GravityZone Update Server Security Vulnerability
Bitdefender GravityZone Update Server is a solution for managing and distributing update files on the Bitdefender GravityZone administrator console from Bitdefender Romania. A security vulnerability exists in Bitdefender GravityZone Update Server, which stems from the presence of an incorrect...
PT-2024-19287 · Bitdefender · Gravityzone Control Center +3
Name of the Vulnerable Software and Affected Versions: Bitdefender Endpoint Security for Linux version 7.0.5.200089; Bitdefender Endpoint Security for Windows version 7.9.9.380; GravityZone Control Center On Premises version 6.36.1. Description: An Incorrect Regular Expression vulnerability in...
Bitdefender GravityZone Update Server Path Traversal Vulnerability
Bitdefender GravityZone Update Server is a solution from Bitdefender Romania for managing and distributing update files on the Bitdefender GravityZone administrator console. A path traversal vulnerability exists in Bitdefender GravityZone Update Server, which stems from the presence of a path...
Sh4D0Wup - Signing-key Abuse And Update Exploitation Framework
Signing-key abuse and update exploitation framework. % docker run -it --rm ghcr.io/kpcyrd/sh4d0wup:edge -h Usage: sh4d0wup OPTIONS Commands: bait Start a malicious update server front Bind a http/https server but forward everything unmodified infect High level tampering, inject additional command...
CVE-2023-24504
Electra Central AC unit – Adjacent attacker may cause the unit to connect to unauthorized update server...
Electra Central AC unit Security Vulnerability
The Electra Central AC unit is a central AC unit from Electra. A security vulnerability exists in the Electra Central AC unit. An attacker could exploit the vulnerability to cause the unit to connect to an unauthorized update server...
PT-2023-19651 · Electra · Electra Central Ac Unit
Name of the Vulnerable Software and Affected Versions: Electra Central AC unit (affected versions not specified). Description: The issue allows an adjacent attacker to cause the unit to connect to an unauthorized update server. Recommendations: At the moment, there is no information about a newer...
CVE-2023-24504 Electra Central AC unit – Adjacent attacker may cause the unit to connect to unauthorized update server
Electra Central AC unit – Adjacent attacker may cause the unit to connect to unauthorized update server...
CVE-2022-3913
Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept communications to the...