CVE-2022-0677 – Improper Handling of Length Parameter Inconsistency vulnerability in Bitdefender Update Server (VA-10144)
https://notcve.org/view.php?id=CVE-2022-0677
Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service. This issue affects: Bitdefender Update Server versions prior to 3.4.0.276. Bitdefender GravityZone versions prior to 26.4-1. Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.171. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.1.111. • https://www.bitdefender.com/support/security-advisories/improper-handling-of-length-parameter-inconsistency-vulnerability-in-bitdefender-update-server-va-10144 • CWE-130: Improper Handling of Length Parameter Inconsistency •
CVE-2020-15297
https://notcve.org/view.php?id=CVE-2020-15297
Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network. This issue affects: Bitdefender Update Server versions prior to 6.6.20.294. Una comprobación insuficiente en los componentes Bitdefender Update Server y BEST Relay de Bitdefender Endpoint Security Tools versiones anteriores a 6.6.20.294, permite a un atacante no privilegiado omitir unas mitigaciones en el sitio e interactuar con los hosts de la red. Este problema afecta: Bitdefender Update Server versiones anteriores a 6.6.20.294 • https://www.bitdefender.com/support/security-advisories/server-side-request-forgery-bitdefender-update-server-va-9163 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2008-0396 – BitDefender Products - Update Server HTTP Daemon Directory Traversal
https://notcve.org/view.php?id=CVE-2008-0396
Directory traversal vulnerability in BitDefender Update Server (http.exe), as used in BitDefender products including Security for Fileservers and Enterprise Manager (BDEM), allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request. Vulnerabilidad de salto de directorio en BitDefender Update Server (http.exe), tal y como se utiliza en los productos BitDefender incluyendo Security for Fileservers and Enterprise Manager (BDEM), permite a atacantes remotos leer archivos de su elección a través de la secuencia .. en una respuesta HTTP. • https://www.exploit-db.com/exploits/31039 http://oliver.greyhat.de/2008/01/19/bitdefender-unauthorized-remote-file-access-vulnerability http://secunia.com/advisories/28578 http://securityreason.com/securityalert/3568 http://www.oliverkarow.de/research/bitdefender.txt http://www.securityfocus.com/archive/1/486701/100/0/threaded http://www.securityfocus.com/bid/27358 http://www.vupen.com/english/advisories/2008/0213 https://exchange.xforce.ibmcloud.com/vulnerabilities/39802 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •