CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-28871 – Denial-of-Service (DoS) Vulnerability
https://notcve.org/view.php?id=CVE-2022-28871
25 Apr 2022 — A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the fsicapd component used in certain F-Secure products while scanning larger packages/fuzzed files consume too much memory eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker. Se ha detectado una vulnerabilidad de denegación de servicio (DoS) en F-Secure Atlant versiones anteriores a 2022-04-12_01 por la que el componente fsicapd usado en ciertos productos de F-Secure mientras escane... • https://www.f-secure.com/en/home/support/security-advisories/cve-2022-28871 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28869 – Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android
https://notcve.org/view.php?id=CVE-2022-28869
15 Apr 2022 — A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the browser did not show full URL, such as port number. Se ha detectado una vulnerabilidad que afectaba al navegador F-Secure SAFE. Un sitio web diseñado de forma maliciosa podía realizar un ataque de phishing con suplantación de la barra de direcciones, ya que el navegador no mostraba la URL completa, como el número de puerto • https://www.f-secure.com/en/home/support/security-advisories •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28868 – Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android
https://notcve.org/view.php?id=CVE-2022-28868
15 Apr 2022 — An Address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted malicious webpage/URL, user may be tricked for a short period of time (until the page loads) to think content may be coming from a valid domain, while the content comes from the attacker controlled site. Se ha detectado una vulnerabilidad de suplantación de la barra de direcciones en Safe Browser para Android. Cuando el usuario hace clic en una página web/URL maliciosa especialmente dise... • https://www.f-secure.com/en/home/support/security-advisories •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28870 – Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android
https://notcve.org/view.php?id=CVE-2022-28870
15 Apr 2022 — A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails. Se ha detectado una vulnerabilidad que afecta al navegador F-Secure SAFE. Un sitio web diseñado de forma maliciosa podía realizar un ataque de phishing con suplantación de la barra de direcciones, ya que ésta no era correcta si fallaba la navegación • https://www.f-secure.com/en/home/support/security-advisories •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44751 – F-Secure SAFE Browser vulnerable to USSD attacks
https://notcve.org/view.php?id=CVE-2021-44751
25 Mar 2022 — A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most modern Android OS, dialer application will require user interaction, however, some older Android OS may not need user interaction. Se ha detectado una vulnerabilidad que afecta al navegador F-Secure SAFE anterior ... • https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame • CWE-276: Incorrect Default Permissions •
CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-44750 – Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2021-44750
09 Mar 2022 — An arbitrary code execution vulnerability was found in the F-Secure Support Tool. A standard user can craft a special configuration file, which when run by administrator can execute any commands. Se encontró una vulnerabilidad de ejecución de código arbitrario en la herramienta de soporte de F-Secure. Un usuario estándar puede diseñar un archivo de configuración especial, que cuando es ejecutado por el administrador puede ejecutar cualquier comando • https://www.f-secure.com/en/business/support-and-downloads/security-advisories •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44749 – Universal Cross-Site Scripting Vulnerability in F-Secure SAFE Browser Protection for Android
https://notcve.org/view.php?id=CVE-2021-44749
06 Mar 2022 — A vulnerability affecting F-Secure SAFE browser protection was discovered improper URL handling can be triggered to cause universal cross-site scripting through browsing protection in a SAFE web browser. User interaction is required prior to exploitation. A successful exploitation may lead to arbitrary code execution. Se ha detectado una vulnerabilidad que afecta a la protección del navegador F-Secure SAFE. Un manejo inapropiado de las URLs puede causar una vulnerabilidad de tipo cross-site scripting univer... • https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-44749 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44748 – Universal Cross-Site Scripting Vulnerability in F-Secure SAFE Browser for Android
https://notcve.org/view.php?id=CVE-2021-44748
06 Mar 2022 — A vulnerability affecting F-Secure SAFE browser was discovered whereby browsers loads images automatically this vulnerability can be exploited remotely by an attacker to execute the JavaScript can be used to trigger universal cross-site scripting through the browser. User interaction is required prior to exploitation, such as entering a malicious website to trigger the vulnerability. Se ha detectado una vulnerabilidad que afecta al navegador F-Secure SAFE por la que los navegadores cargan imágenes automátic... • https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-44748 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-44747 – Denial-of-Service (DoS) Vulnerability
https://notcve.org/view.php?id=CVE-2021-44747
01 Mar 2022 — A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. Se ha detectado una vulnerabilidad de denegación de servicio (DoS) en F-Secure Linux Security por la que el componente Fmlib usado en determinados productos de F-Secure puede bloquearse mientras s... • https://www.f-secure.com/en/business/support-and-downloads/security-advisories •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2021-40837 – Denial-of-Service (DoS) Vulnerability
https://notcve.org/view.php?id=CVE-2021-40837
09 Feb 2022 — A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. Se ha detectado una vulnerabilidad que afecta al motor antivirus de F-Secure versiones anteriores a la actualización 2022-02-01_01 de Capricorn, por la que una descompresión del archivo ACE causa la ... • https://www.f-secure.com/en/business/support-and-downloads/security-advisories •