
CVE-2022-0677 – Improper Handling of Length Parameter Inconsistency vulnerability in Bitdefender Update Server (VA-10144)
https://notcve.org/view.php?id=CVE-2022-0677
07 Apr 2022 — Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service. This issue affects: Bitdefender Update Server versions prior to 3.4.0.276. Bitdefender GravityZone versions prior to 26.4-1. Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.171. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.1.1... • https://www.bitdefender.com/support/security-advisories/improper-handling-of-length-parameter-inconsistency-vulnerability-in-bitdefender-update-server-va-10144 • CWE-130: Improper Handling of Length Parameter Inconsistency •

CVE-2020-15297
https://notcve.org/view.php?id=CVE-2020-15297
09 Nov 2020 — Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network. This issue affects: Bitdefender Update Server versions prior to 6.6.20.294. • https://www.bitdefender.com/support/security-advisories/server-side-request-forgery-bitdefender-update-server-va-9163 • CWE-918: Server-Side Request Forgery (SSRF) •