57 matches found
EUVD-2019-7568
Malware in sbrugna...
EUVD-2019-7563
Malware in sbrugna...
EUVD-2019-7562
Malware in sbrugna...
EUVD-2019-4205
Malware in sbrugna...
EUVD-2019-4206
Malware in sbrugna...
EUVD-2024-54189
Malicious code in bioql PyPI...
EUVD-2024-54188
Malicious code in bioql PyPI...
EUVD-2024-54187
Malicious code in bioql PyPI...
CVE-2019-12612
An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API. In order to exploit this vulnerability, an attacker needs presence in Bitdefender BOX setup network and Bitdefender BOX be in setup...
The vulnerability of the HTTP protocol implementation in Bitdefender BOX 1 devices allows a perpetrator to carry out a “man-in-the-middle” type attack.
The vulnerability of the HTTP protocol implementation in Bitdefender BOX 1 devices for device protection involves the transmission of credentials in an unencrypted form. Exploiting this vulnerability allows a remote attacker to execute a “man-in-the-middle” type attack...
The vulnerability of the Bitdefender BOX 1 device for protecting appliances and gadgets lies in the lack of measures taken at the control level to clean data. This allows a perpetrator to execute arbitrary commands.
The vulnerability of the Bitdefender BOX 1 device for protecting appliances and gadgets is related to the lack of measures taken to clean data at the control level during the processing of the final checkpoint /checkimageandtriggerrecovery. Exploiting this vulnerability allows a remote attacker t...
CVE-2024-13870
An improper access control vulnerability exists in Bitdefender Box 1 firmware version 1.3.52.928 and below that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX t...
CVE-2024-13872
Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /settemptoken API method. Then, an unauthenticated and...
CVE-2024-13871
A command injection vulnerability exists in the /checkimageandtriggerrecovery API endpoint of Bitdefender Box 1 firmware version 1.3.11.490. This flaw allows an unauthenticated, network-adjacent attacker to execute arbitrary commands on the device, potentially leading to full remote code executio...
CVE-2024-13872
Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /settemptoken API method. Then, an unauthenticated and...
CVE-2024-13871
A command injection vulnerability exists in the /checkimageandtriggerrecovery API endpoint of Bitdefender Box 1 firmware version 1.3.11.490. This flaw allows an unauthenticated, network-adjacent attacker to execute arbitrary commands on the device, potentially leading to full remote code executio...
CVE-2024-13871
A command injection vulnerability exists in the /checkimageandtriggerrecovery API endpoint of Bitdefender Box 1 firmware version 1.3.11.490. This flaw allows an unauthenticated, network-adjacent attacker to execute arbitrary commands on the device, potentially leading to full remote code executio...
CVE-2024-13872
Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /settemptoken API method. Then, an unauthenticated and...
CVE-2024-13870
An improper access control vulnerability exists in Bitdefender Box 1 firmware version 1.3.52.928 and below that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX t...
CVE-2024-13870
An improper access control vulnerability exists in Bitdefender Box 1 firmware version 1.3.52.928 and below that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX t...