CVE-2023-42520
https://notcve.org/view.php?id=CVE-2023-42520
Certain WithSecure products allow a remote crash of a scanning engine via unpacking of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. Ciertos productos WithSecure permiten un bloqueo remoto de un motor de escaneo mediante el desempaquetado de archivos de datos manipulados. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email y Server Security 15, WithSecure Elements Endpoint Protection 17 y versiones posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y versiones posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1. • https://www.withsecure.com/en/support/security-advisories • CWE-400: Uncontrolled Resource Consumption •
CVE-2023-42526
https://notcve.org/view.php?id=CVE-2023-42526
Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. Algunos productos WithSecure permiten un bloqueo remoto de un motor de escaneo a través de la descompresión de archivos de datos manipulados. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email y Server Security 15, WithSecure Elements Endpoint Protection 17 y versiones posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y versiones posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1. • https://www.withsecure.com/en/support/security-advisories • CWE-400: Uncontrolled Resource Consumption •
CVE-2023-42522
https://notcve.org/view.php?id=CVE-2023-42522
Certain WithSecure products allow a remote crash of a scanning engine via processing of an import struct in a PE file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. Ciertos productos WithSecure permiten un bloqueo remoto de un motor de escaneo a través del procesamiento de una estructura de importación en un archivo PE. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email y Server Security 15, WithSecure Elements Endpoint Protection 17 y versiones posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y versiones posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1. • https://www.withsecure.com/en/support/security-advisories • CWE-400: Uncontrolled Resource Consumption •
CVE-2020-9342
https://notcve.org/view.php?id=CVE-2020-9342
The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Protection For Salesforce, Email and Server Security, and Internet GateKeeper. El motor de análisis de F-Secure AV antes del 05-02-2020, permite omitir la detección de virus mediante datos de Compression Method diseñados en un archivo GZIP. Esto afecta a las versiones anteriores a 17.0.605.474 (en Linux) de Cloud Protection For Salesforce, Email y Server Security, y Internet GateKeeper. • http://packetstormsecurity.com/files/156506/F-SECURE-Generic-Malformed-Container-Bypass.html http://seclists.org/fulldisclosure/2020/Feb/33 https://blog.zoller.lu/p/tzo-16-2020-f-secure-generic-malformed.html https://seclists.org/bugtraq/2020/Feb/33 • CWE-436: Interpretation Conflict •
CVE-2013-7369
https://notcve.org/view.php?id=CVE-2013-7369
SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Anti-Virus for Citrix Servers 9.00 before HF09, and F-Secure Email and Server Security and F-Secure Server Security 9.20 before HF01 allows remote attackers to execute arbitrary SQL commands via unknown vectors, related to GetCommand. Vulnerabilidad de inyección SQL en una DLL no especificada en el control FSDBCom ActiveX en F-Secure Anti-Virus para Microsoft Exchange Server anterior a HF02, Anti-Virus para Windows Servers 9.00 anterior a HF09, Anti-Virus para Citrix Servers 9.00 anterior a HF09, y F-Secure Email y Server Security y F-Secure Server Security 9.20 anterior a HF01 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores desconocidos, relacionado con GetCommand. • http://www.f-secure.com/en/web/labs_global/fsc-2013-1 http://www.zerodayinitiative.com/advisories/ZDI-13-095 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •