CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38162
https://notcve.org/view.php?id=CVE-2022-38162
Reflected cross-site scripting (XSS) vulnerabilities in WithSecure through 2022-08-10) exists within the F-Secure Policy Manager due to an unvalidated parameter in the endpoint, which allows remote attackers to provide a malicious input. Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) reflejado en WithSecure hasta el 2022-08-10) dentro de F-Secure Policy Manager debido a un parámetro no comprobado en el endpoint, que permite a atacantes remotos proporcionar una entrada maliciosa • https://withsecure.com https://www.withsecure.com/en/support/security-advisories https://www.withsecure.com/en/support/security-advisories/cve-2022-38162?_gl=1%2Adtq2t3%2A_up%2AMQ..%2A_ga%2AMTMxOTM1OTA2MC4xNjY2NzIxMjQ0%2A_ga_B5SG5Y2DHS%2AMTY2NjcyMTI0MS4xLjAuMTY2NjcyMTI0MS4wLjAuMA.. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-28884 – Denial-of-Service (DoS) Vulnerability
https://notcve.org/view.php?id=CVE-2022-28884
A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine. Se ha detectado una vulnerabilidad de denegación de servicio en los productos F-Secure y WithSecure por la que el archivo aerdl.dll puede entrar en un bucle infinito cuando desempaqueta archivos PE. Es posible que esto pueda bloquear el motor de escaneo. • https://www.withsecure.com/en/expertise/people https://www.withsecure.com/en/support/security-advisories • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-28874 – Multiple Denial-of-Service (DoS) Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-28874
Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker. Se han detectado múltiples vulnerabilidades de Denegación de Servicio en F-Secure Atlant y en determinados productos WithSecure mientras son escaneados archivos PE32-bit fuzzed que causan corrupción de memoria y desbordamiento de búfer de la pila, lo que eventualmente puede bloquear el motor de escaneo. La explotación puede ser desencadenada remotamente por un atacante • https://www.f-secure.com/en/home/support/security-advisories https://www.withsecure.com/en/support/security-advisories • CWE-787: Out-of-bounds Write •