CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4177 – Host whitelist parser issue in GravityZone Console On-Premise (VA-11554)
https://notcve.org/view.php?id=CVE-2024-4177
A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 that are running only on premise. Un problema con el analizador de lista blanca de host en el servicio proxy implementado en GravityZone Update Server permite a un atacante provocar server-side request forgery. Este problema solo afecta a las versiones de GravityZone Console anteriores a 6.38.1-2 que se ejecutan únicamente en las instalaciones. • https://bitdefender.com/consumer/support/support/security-advisories/host-whitelist-parser-issue-in-gravityzone-console-on-premise-va-11554 https://www.cve.org/CVERecord?id=CVE-2024-4177 • CWE-116: Improper Encoding or Escaping of Output CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 1CVE-2024-2224 – Privilege Escalation via the GravityZone productManager UpdateServer.KitsManager API (VA-11466)
https://notcve.org/view.php?id=CVE-2024-2224
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux version 7.0.5.200089 Bitdefender Endpoint Security for Windows version 7.9.9.380 GravityZone Control Center (On Premises) version 6.36.1 La vulnerabilidad de limitación inadecuada de un nombre de ruta a un directorio restringido ("Path Traversal") en el componente UpdateServer de Bitdefender GravityZone permite a un atacante ejecutar código arbitrario en instancias vulnerables. Este problema afecta a los siguientes productos que incluyen el componente vulnerable: Bitdefender Endpoint Security para Linux versión 7.0.5.200089 Bitdefender Endpoint Security para Windows versión 7.9.9.380 GravityZone Control Center (On Premises) versión 6.36.1 • https://github.com/SeanPesce/CVE-2024-22243 https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-the-gravityzone-productmanager-updateserver-kitsmanager-api-va-11466 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 1CVE-2024-2223 – Incorrect Regular Expression in GravityZone Update Server (VA-11465)
https://notcve.org/view.php?id=CVE-2024-2223
An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux version 7.0.5.200089 Bitdefender Endpoint Security for Windows version 7.9.9.380 GravityZone Control Center (On Premises) version 6.36.1 Una vulnerabilidad de expresión regular incorrecta en Bitdefender GravityZone Update Server permite a un atacante provocar Server Side Request Forgery y reconfigurar el relé. Este problema afecta a los siguientes productos que incluyen el componente vulnerable: Bitdefender Endpoint Security para Linux versión 7.0.5.200089 Bitdefender Endpoint Security para Windows versión 7.9.9.380 GravityZone Control Center (On Premises) versión 6.36.1 • https://github.com/shellfeel/CVE-2024-22243-CVE-2024-22234 https://www.bitdefender.com/support/security-advisories/incorrect-regular-expression-in-gravityzone-update-server-va-11465 • CWE-185: Incorrect Regular Expression •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-6154 – Local privilege escalation in Bitdefender Total Security (VA-11168)
https://notcve.org/view.php?id=CVE-2023-6154
A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114. Un problema de configuración en seccenter.exe tal como se usa en Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free permite a un atacante cambiar el comportamiento esperado del producto y potencialmente cargar una librería de terceros durante la ejecución. Este problema afecta a Total Security: 27.0.25.114; Seguridad de Internet: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus gratuito: 27.0.25.114. • https://bitdefender.com/support/security-advisories/local-privilege-escalation-in-bitdefender-total-security-va-11168 • CWE-15: External Control of System or Configuration Setting •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3633 – Out of Bounds Memory Corruption Issue in CEVA Engine
https://notcve.org/view.php?id=CVE-2023-3633
An out-of-bounds write vulnerability in Bitdefender Engines on Windows causes the engine to crash. This issue affects Bitdefender Engines version 7.94791 and lower. • https://www.bitdefender.com/support/security-advisories/out-of-bounds-memory-corruption-issue-in-ceva-engine-va-11010 • CWE-787: Out-of-bounds Write •