15 results (0.005 seconds)

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. Se ha detectado una vulnerabilidad de denegación de servicio (DoS) en F-Secure Linux Security por la que el componente Fmlib usado en determinados productos de F-Secure puede bloquearse mientras son escaneados archivos fuzzed. La explotación puede ser desencadenada remotamente por un atacante. • https://www.f-secure.com/en/business/support-and-downloads/security-advisories •

CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0

A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. Se ha detectado una vulnerabilidad que afecta al motor antivirus de F-Secure versiones anteriores a la actualización 2022-02-01_01 de Capricorn, por la que una descompresión del archivo ACE causa la detención del servicio de escáner. La vulnerabilidad puede ser explotada de forma remota por un atacante. • https://www.f-secure.com/en/business/support-and-downloads/security-advisories https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40837 •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Protection For Salesforce, Email and Server Security, and Internet GateKeeper. El motor de análisis de F-Secure AV antes del 05-02-2020, permite omitir la detección de virus mediante datos de Compression Method diseñados en un archivo GZIP. Esto afecta a las versiones anteriores a 17.0.605.474 (en Linux) de Cloud Protection For Salesforce, Email y Server Security, y Internet GateKeeper. • http://packetstormsecurity.com/files/156506/F-SECURE-Generic-Malformed-Container-Bypass.html http://seclists.org/fulldisclosure/2020/Feb/33 https://blog.zoller.lu/p/tzo-16-2020-f-secure-generic-malformed.html https://seclists.org/bugtraq/2020/Feb/33 • CWE-436: Interpretation Conflict •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

F-Secure Internet Gatekeeper for Linux 3.x before 3.03 does not require authentication for reading access logs, which allows remote attackers to obtain potentially sensitive information via a TCP session on the admin UI port. F-Secure Internet Gatekeeper para Linux 3.x antes de v3.03 no requiere autenticación para la lectura de registros de acceso, lo que permite a atacantes remotos obtener información sensible a través de una sesión TCP en el puerto de administración de la interfaz de usuario. • http://jvn.jp/en/jp/JVN71542734/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2011-000013 http://osvdb.org/70898 http://secunia.com/advisories/43326 http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2011-1.html http://www.vupen.com/english/advisories/2011/0393 • CWE-287: Improper Authentication •

CVSS: 5.0EPSS: 0%CPEs: 168EXPL: 0

F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft Exchange 9 and earlier, and for MIMEsweeper 5.61 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, and for Linux 4.02 and earlier; Anti-Virus 2010 and earlier; Home Server Security 2009; Protection Service for Consumers 9 and earlier, for Business - Workstation security 9 and earlier, for Business - Server Security 8 and earlier, and for E-mail and Server security 9 and earlier; Mac Protection build 8060 and earlier; Client Security 9 and earlier; and various Anti-Virus products for Windows, Linux, and Citrix; does not properly detect malware in crafted (1) 7Z, (2) GZIP, (3) CAB, or (4) RAR archives, which makes it easier for remote attackers to avoid detection. F-Secure Internet Security 2010 y anteriores; Anti-Virus para Microsoft Exchange 9 y anteriores, y para MIMEsweeper v5.61 y anteriores; Internet Gatekeeper para Windows v6.61 y anteriores, y para Linux v4.02 y anteriores; Anti-Virus 2010 y anteriores; Home Server Security 2009; Protection Service para Consumers 9 y anteriores, para Business - Workstation security 9 y anteriores, para Business - Server Security 8 y anteriores, y para E-mail y Server security 9 y anteriores; Mac Protection build 8060 y anteriores; Client Security 9 y anteriores; y varios productos Anti-Virus para Windows, Linux, y Citrix no detectan adecuadamente malware en archivos (1) 7Z, (2) GZIP, (3) CAB, o (4) RAR manipulados, lo que facilita a atacantes evitar la detección. • http://secunia.com/advisories/39396 http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-1.html http://www.securitytracker.com/id?1023841 http://www.securitytracker.com/id?1023842 http://www.securitytracker.com/id?1023843 http://www.vupen.com/english/advisories/2010/0855 •