Filtered by vendor Bitdefender
Subscribe
Search
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3554 | 1 Bitdefender | 2 Endpoint Security Tools, Gravityzone | 2022-04-25 | 7.5 HIGH | 10.0 CRITICAL |
| Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1. | |||||
| CVE-2021-3823 | 1 Bitdefender | 1 Gravityzone | 2021-11-03 | 7.5 HIGH | 9.8 CRITICAL |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects: Bitdefender GravityZone versions prior to 3.3.8.249. | |||||
| CVE-2020-15297 | 1 Bitdefender | 1 Update Server | 2020-11-24 | 6.4 MEDIUM | 9.1 CRITICAL |
| Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network. This issue affects: Bitdefender Update Server versions prior to 6.6.20.294. | |||||
| CVE-2019-17095 | 1 Bitdefender | 2 Box 2, Box 2 Firmware | 2020-02-01 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method `/api/download_image` unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In order to exploit the condition, an unauthenticated attacker should impersonate a infrastructure server to trigger this vulnerability. | |||||
| CVE-2019-17096 | 1 Bitdefender | 3 Box 2, Box 2 Firmware, Central | 2020-01-31 | 9.3 HIGH | 9.8 CRITICAL |
| A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command. | |||||
| CVE-2017-8931 | 1 Bitdefender | 1 Gravityzone | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified vectors. | |||||
| CVE-2018-8955 | 1 Bitdefender | 1 Gravityzone | 2019-01-25 | 7.5 HIGH | 9.8 CRITICAL |
| The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing the filename while leaving the file's digital signature unchanged. | |||||