
CVSS: 4.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Dec 2021 — A URL address bar spoofing vulnerability was discovered in Safe Browser for iOS. When a user clicks on a specially crafted malicious URL and does not pay careful attention to the URL, the user may be tricked into thinking the content comes from a valid domain while it comes from another. This is performed by using a very long username part of the URL so that the user cannot see the domain name. A remote attacker can leverage this to perform a URL address bar spoofing attack. The fix is, browser no longer shows th... • https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Dec 2021 — A user interface overlay vulnerability was discovered in F-Secure SAFE Browser for Android. When a user clicks on a specially crafted, seemingly legitimate URL, SAFE Browser goes into full screen and hides the user interface. A remote attacker can leverage this to perform a spoofing attack. • https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVSS: 3.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Aug 2021 — An address bar spoofing vulnerability was discovered in Safe Browser for Android. When a user clicks on a specially crafted malicious URL, it appears like a legitimate one in the address bar, while the content comes from another domain and is presented in a window covering the original content. A remote attacker can leverage this to perform an address bar spoofing attack. • https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame

CVSS: 3.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Aug 2021 — An address bar spoofing vulnerability was discovered in Safe Browser for iOS. The legitimate URL is shown in the address bar while the content is loaded from another domain. This makes the user believe that the content is served by a legitimate domain. A remote attacker can leverage this to perform an address bar spoofing attack. • https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame

CVSS: 4.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Aug 2021 — The legitimate URL is shown in the address bar while the content is loaded from another domain. This makes the user believe that the content is served by a legitimate domain. Exploiting the vulnerability requires the user to click on a specially crafted, seemingly legitimate URL containing an embedded malicious redirect while using F-Secure Safe Browser for iOS. • https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVSS: 7.8 • EPSS: 0% • CPEs: 7 • EXPL: 0

17 May 2019 — In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their privileges through a DLL hijacking attack against the installer. The installer writes the file rm.exe to C:\Windows\Temp and then executes it. The rm.exe process th... • https://www.f-secure.com/en/web/labs_global/fsc-2019-2 • CWE-427: Uncontrolled Search Path Element

CVSS: 10.0 • EPSS: 3% • CPEs: 16 • EXPL: 0

21 Jun 2010 — The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods." • http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html • CWE-264: Permissions, Privileges, and Access Controls