CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-28874 – Multiple Denial-of-Service (DoS) Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-28874
Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker. Se han detectado múltiples vulnerabilidades de Denegación de Servicio en F-Secure Atlant y en determinados productos WithSecure mientras son escaneados archivos PE32-bit fuzzed que causan corrupción de memoria y desbordamiento de búfer de la pila, lo que eventualmente puede bloquear el motor de escaneo. La explotación puede ser desencadenada remotamente por un atacante • https://www.f-secure.com/en/home/support/security-advisories https://www.withsecure.com/en/support/security-advisories • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28873 – Multiple Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android
https://notcve.org/view.php?id=CVE-2022-28873
A vulnerability affecting F-Secure SAFE browser was discovered. An attacker can potentially exploit Javascript window.open functionality in SAFE Browser which could lead address bar spoofing attacks. Se ha detectado una vulnerabilidad que afecta al navegador F-Secure SAFE. Un atacante puede explotar potencialmente la funcionalidad de Javascript window.open en el navegador SAFE, lo que podría conllevar a ataques de suplantación de la barra de direcciones • https://www.f-secure.com/en/home/support/security-advisories https://www.f-secure.com/en/home/support/security-advisories/cve-2022-28873 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28872 – Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android
https://notcve.org/view.php?id=CVE-2022-28872
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails in a loop. Se ha detectado una vulnerabilidad que afecta al navegador F-Secure SAFE. Un sitio web diseñado de forma maliciosa podría realizar un ataque de phishing con suplantación de la barra de direcciones, ya que la barra de direcciones no era correcta si la navegación fallaba en un bucle • https://www.f-secure.com/en/home/support/security-advisories •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-28871 – Denial-of-Service (DoS) Vulnerability
https://notcve.org/view.php?id=CVE-2022-28871
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the fsicapd component used in certain F-Secure products while scanning larger packages/fuzzed files consume too much memory eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker. Se ha detectado una vulnerabilidad de denegación de servicio (DoS) en F-Secure Atlant versiones anteriores a 2022-04-12_01 por la que el componente fsicapd usado en ciertos productos de F-Secure mientras escanea paquetes/archivos de gran tamaño consume demasiada memoria, pudiendo llegar a bloquear el motor de escaneo. La explotación puede ser desencadenada remotamente por un atacante • https://www.f-secure.com/en/home/support/security-advisories/cve-2022-28871 https://www.withsecure.com/en/support/security-advisories/cve-2022-28871 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28869 – Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android
https://notcve.org/view.php?id=CVE-2022-28869
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the browser did not show full URL, such as port number. Se ha detectado una vulnerabilidad que afectaba al navegador F-Secure SAFE. Un sitio web diseñado de forma maliciosa podía realizar un ataque de phishing con suplantación de la barra de direcciones, ya que el navegador no mostraba la URL completa, como el número de puerto • https://www.f-secure.com/en/home/support/security-advisories https://www.f-secure.com/en/home/support/security-advisories/cve-2022-28869 •