CVE-2022-38166
https://notcve.org/view.php?id=CVE-2022-38166
In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service. En F-Secure Endpoint Protection para Windows y macOS antes del canal con la base de datos Capricornio 2022-11-22_07, el controlador de desempaquetado aerdl.dll falla. Esto puede provocar una falla del motor de escaneo, que un atacante puede activar de forma remota por denegación de servicio. • https://www.f-secure.com/en/home/support/security-advisories/cve-2022-38166 •
CVE-2022-38164
https://notcve.org/view.php?id=CVE-2022-38164
A vulnerability affecting F-Secure SAFE browser for Android and iOS was discovered. A maliciously crafted website could make a phishing attack with URL spoofing as the browser only display certain part of the entire URL. WithSecure hasta el 10 de agosto de 2022 permite a los atacantes provocar una denegación de servicio (problema 3 de 5). • https://withsecure.com https://www.f-secure.com/en/home/support/security-advisories • CWE-290: Authentication Bypass by Spoofing •
CVE-2022-38163
https://notcve.org/view.php?id=CVE-2022-38163
A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. Drag and drop operation by user on address bar could lead to a spoofing of the address bar. Se descubrió una vulnerabilidad falsa de arrastrar y soltar en F-Secure SAFE Browser para Android e iOS versión 19.0 y anteriores. La operación de arrastrar y soltar por parte del usuario en la barra de direcciones podría provocar una suplantación de la barra de direcciones. • https://withsecure.com https://www.f-secure.com/en/home/support/security-advisories https://www.f-secure.com/en/home/support/security-advisories/cve-2022-38163 •
CVE-2022-28887 – Multiple Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-28887
Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash. Se ha detectado una vulnerabilidad múltiple de Denegación de Servicio (DoS) en los productos F-Secure y WithSecure por la que la función del administrador de desempaquetado aerdl.dll es bloqueada. Esto puede conllevar a un posible fallo del motor de escaneo • https://www.f-secure.com/en/business/support-and-downloads/security-advisories https://www.withsecure.com/en/support/security-advisories •
CVE-2022-28886 – Denial-of-Service (DoS) Vulnerability
https://notcve.org/view.php?id=CVE-2022-28886
A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine Se ha detectado una vulnerabilidad de denegación de servicio en los productos F-Secure y WithSecure en la que el archivo aerdl.so/aerdl.dll puede entrar en un bucle infinito cuando son desempaquetados archivos PE. Es posible que esto pueda bloquear el motor de escaneo • https://www.f-secure.com/en/business/support-and-downloads/security-advisories https://www.withsecure.com/en/support/security-advisories • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •