CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 1CVE-2020-14977
https://notcve.org/view.php?id=CVE-2020-14977
An issue was discovered in F-Secure SAFE 17.7 on macOS. The XPC services use the PID to identify the connecting client, which allows an attacker to perform a PID reuse attack and connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine. Se detectó un problema en F-Secure SAFE versión 17.7 en macOS. Los servicios XPC usan el PID para identificar al cliente que se conecta, lo que permite a un atacante llevar a cabo un ataque de reutilización del PID y conectarse a un servicio XPC privilegiado, y ejecutar comandos privilegiados en el sistema. • https://theevilbit.github.io/posts https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame https://www.f-secure.com/en/home/products/safe •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 1CVE-2020-14978
https://notcve.org/view.php?id=CVE-2020-14978
An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorrect client version verification, an attacker can connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine. Se detectó un problema en F-Secure SAFE versión 17.7 en macOS. Debido a una verificación de versión de cliente incorrecta, un atacante puede conectarse a un servicio XPC privilegiado y ejecutar comandos privilegiados en el sistema. • https://theevilbit.github.io/posts https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame https://www.f-secure.com/en/home/products/safe •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-9342
https://notcve.org/view.php?id=CVE-2020-9342
The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Protection For Salesforce, Email and Server Security, and Internet GateKeeper. El motor de análisis de F-Secure AV antes del 05-02-2020, permite omitir la detección de virus mediante datos de Compression Method diseñados en un archivo GZIP. Esto afecta a las versiones anteriores a 17.0.605.474 (en Linux) de Cloud Protection For Salesforce, Email y Server Security, y Internet GateKeeper. • http://packetstormsecurity.com/files/156506/F-SECURE-Generic-Malformed-Container-Bypass.html http://seclists.org/fulldisclosure/2020/Feb/33 https://blog.zoller.lu/p/tzo-16-2020-f-secure-generic-malformed.html https://seclists.org/bugtraq/2020/Feb/33 • CWE-436: Interpretation Conflict •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2019-11644
https://notcve.org/view.php?id=CVE-2019-11644
In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their privileges through a DLL hijacking attack against the installer. The installer writes the file rm.exe to C:\Windows\Temp and then executes it. The rm.exe process then attempts to load several DLLs from its current directory. Non-admin users are able to write to this folder, so an attacker can create a malicious C:\Windows\Temp\OLEACC.dll file. When an admin runs the installer, rm.exe will execute the attacker's DLL in an elevated security context. • https://www.f-secure.com/en/web/labs_global/fsc-2019-2 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10403
https://notcve.org/view.php?id=CVE-2018-10403
An issue was discovered in F-Secure XFENCE and Little Flocker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. Se ha descubierto un problema en F-Secure XFENCE y Little Flocker. Un binario universal/fat manipulado puede evadir las comprobaciones de firma de código de terceros. • https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks • CWE-295: Improper Certificate Validation •