144 matches found
CVE-2022-0677
CVE-2022-0677 is an instance of an improper handling of length parameter inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay) and GravityZone (in Update Server). The issue allows a remote attacker to cause a Denial-of-Service. Affected produ...
Bitdefender GravityZone Link Following Denial-of-Service Vulnerability
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Bitdefender GravityZone. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
CVE-2021-3960
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272...
CVE-2021-3959
A Server-Side Request Forgery SSRF vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to 3.3.8.272...
CVE-2021-3960
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272...
CVE-2021-3959
A Server-Side Request Forgery SSRF vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to 3.3.8.272...
Server side request forgery (ssrf)
A Server-Side Request Forgery SSRF vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to 3.3.8.272...
Path traversal
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272...
CVE-2021-3960
In Bitdefender GravityZone, CVE-2021-3960 describes a Path Traversal in the UpdateServer component that can allow arbitrary code execution on affected instances. Affected versions are GravityZone prior to 3.3.8.272. Several records also reference a related Privilege Escalation via the UpdateServe...
CVE-2021-3960 Privilege Escalation via the GravityZone productManager UpdateServer.KitsManager API (VA-10146)
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272...
CVE-2021-3959 Server-Side Request Forgery in Bitdefender GravityZone Update Server in Relay Mode (VA-10145)
A Server-Side Request Forgery SSRF vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to 3.3.8.272...
Bitdefender GravityZone 路径遍历漏洞
Bitdefender GravityZone is a scanning software from Bitdefender Romania. Bitdefender GravityZone suffers from a path traversal vulnerability that stems from an improperly restricted pathname "path traversal" vulnerability in the UpdateServer component of Bitdefender GravityZone that allows an...
Bitdefender GravityZone Unnecessary Privileges Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Bitdefender GravityZone. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the endpoint...
CVE-2021-3553
A Server-Side Request Forgery SSRF vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions...
CVE-2021-3552
A Server-Side Request Forgery SSRF vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33...
CVE-2021-3552
A Server-Side Request Forgery SSRF vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33...
Server side request forgery (ssrf)
A Server-Side Request Forgery SSRF vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33...
Server side request forgery (ssrf)
A Server-Side Request Forgery SSRF vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions...
Improper access control
Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions...
CVE-2021-3553 Server-Side Request Forgery in EPPUpdateService remote config file (VA-9825)
A Server-Side Request Forgery SSRF vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions...