CVE-2018-6324 – F-Secure Radar Open Redirect
https://notcve.org/view.php?id=CVE-2018-6324
F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated Redirect via the ReturnUrl parameter that triggers upon a user login. F-Secure Radar suffers from an open redirection vulnerability. • http://oscarhjelm.com/blag/2018/02/f-secure-radar-login-page-unvalidated-redirect-vulnerability http://www.securityfocus.com/bid/103208 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2018-6189 – F-Secure Radar Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-6189
F-Secure Radar (on-premises) before 2018-02-15 has XSS via vectors involving the Tags parameter in the JSON request body in an outbound request for the /api/latest/vulnerabilityscans/tags/batch resource, aka a "suggested metadata tags for assets" issue. F-Secure Radar suffers from a persistent cross site scripting vulnerability. • http://oscarhjelm.com/blag/2018/02/f-secure-radar-persistent-cross-site-scripting-vulnerability http://www.securityfocus.com/bid/103100 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-8264
https://notcve.org/view.php?id=CVE-2015-8264
Untrusted search path vulnerability in F-Secure Online Scanner allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as F-SecureOnlineScanner.exe. • http://seclists.org/fulldisclosure/2016/Mar/64 http://www.securityfocus.com/archive/1/537803/100/0/threaded http://www.securityfocus.com/bid/79657 https://www.f-secure.com/en/web/labs_global/fsc-2015-4 • CWE-426: Untrusted Search Path
CVE-2017-6466
https://notcve.org/view.php?id=CVE-2017-6466
F-Secure Software Updater 2.20, as distributed in several F-Secure products, downloads installation packages over plain http and does not perform file integrity validation after download. Man-in-the-middle attackers can replace the file with their own executable which will be executed under the SYSTEM account. Note that when Software Updater is configured to install updates automatically, it checks if the downloaded file is digitally signed by default, but does not check the author of the signature. When running in manual mode (default), no signature check is performed. • http://seclists.org/fulldisclosure/2017/Mar/28 http://www.securityfocus.com/bid/96784 • CWE-20: Improper Input Validation
CVE-2012-6646
https://notcve.org/view.php?id=CVE-2012-6646
F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security before 11500 for Mac OS X allows local users to disable the Mac OS X firewall via unspecified vectors. • http://www.f-secure.com/en/web/labs_global/fsc-2012-2