RSS   Vulnerabilities for 'Gravityzone'   RSS

2022-04-07
 
CVE-2022-0677

NVD-CWE-Other
 

 
Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service. This issue affects: Bitdefender Update Server versions prior to 3.4.0.276. Bitdefender GravityZone versions prior to 26.4-1. Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.171. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.1.111.

 
2021-12-16
 
CVE-2021-3959

CWE-918
 

 
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to 3.3.8.272

 
 
CVE-2021-3960

CWE-22
 

 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272

 
2021-11-24
 
CVE-2021-3552

CWE-918
 

 
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender GravityZone 6.24.1-1.

 
 
CVE-2021-3553

CWE-918
 

 
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint for Linux versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1.

 
2021-10-28
 
CVE-2021-3823

CWE-22
 

 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects: Bitdefender GravityZone versions prior to 3.3.8.249.

 
2018-10-30
 
CVE-2017-8931

CWE-noinfo
 

 
Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified vectors.

 
2018-10-24
 
CVE-2018-8955

CWE-347
 

 
The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing the filename while leaving the file's digital signature unchanged.

 
2014-08-19
 
CVE-2014-5350

CWE-22
 

 
Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the id parameter to webservice/CORE/downloadFullKitEpc/a/1 in the Web Console or (2) %2E%2E (encoded dot dot) in the default URI to port 7074 on the Update Server.

 

 >>> Vendor: Bitdefender 24 Products
Bitdefender
Bitdefender antivirus
Antivirus
Endpoint security
Bitdefender client
Internet security
Total security
Online anti-virus scanner
Update server
Bitdefender total security 2010
Gravityzone
Antivirus plus
Internet security 2018
Safepay
Central
Endpoint security tools
Total security 2020
Antivirus for mac
Antimalware software development kit
Antivirus 2020
Engines
Hypervisor introspection
Gravityzone business security
Vpn standalone


Copyright 2024, cxsecurity.com

 

Back to Top