
CVE-2021-33598 – Denial-of-Service (DoS) Vulnerability
https://notcve.org/view.php?id=CVE-2021-33598
23 Aug 2021 — A Denial-of-Service (DoS) vulnerability was discovered in all versions of F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. • https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame •

CVE-2021-33594 – F-Secure Safe browser for Android vulnerable to Address Bar Spoofing
https://notcve.org/view.php?id=CVE-2021-33594
11 Aug 2021 — An address bar spoofing vulnerability was discovered in Safe Browser for Android. When a user clicks on a specially crafted malicious URL, it appears like a legitimate one in the address bar, while the content comes from another domain and is presented in a window, covering the original content. A remote attacker can leverage this to perform an address bar spoofing attack. • https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame •

CVE-2021-33595 – F-Secure Safe browser for iOS vulnerable to Address Bar Spoofing
https://notcve.org/view.php?id=CVE-2021-33595
11 Aug 2021 — An address bar spoofing vulnerability was discovered in Safe Browser for iOS. Showing the legitimate URL in the address bar while loading the content from another domain. This makes the user believe that the content is served by a legit domain. A remote attacker can leverage this to perform an address bar spoofing attack. • https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame •

CVE-2021-33597 – Denial-of-Service (DoS) Vulnerability
https://notcve.org/view.php?id=CVE-2021-33597
05 Aug 2021 — A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. • https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame •

CVE-2021-33596 – Fake Apple login prompt in F-Secure SAFE browser for iOS
https://notcve.org/view.php?id=CVE-2021-33596
05 Aug 2021 — Showing the legitimate URL in the address bar while loading the content from another domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requires the user to click on a specially crafted, seemingly legitimate URL containing an embedded malicious redirect while using F-Secure Safe Browser for iOS. • https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVE-2021-33572 – Denial-of-Service (DoS) Vulnerability
https://notcve.org/view.php?id=CVE-2021-33572
21 Jun 2021 — A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the FSAVD component used in certain F-Secure products can crash while scanning larger packages/fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. • https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame • CWE-476: NULL Pointer Dereference •

CVE-2020-14977
https://notcve.org/view.php?id=CVE-2020-14977
23 Jun 2020 — An issue was discovered in F-Secure SAFE 17.7 on macOS. The XPC services use the PID to identify the connecting client, which allows an attacker to perform a PID reuse attack and connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine. • https://theevilbit.github.io/posts •

CVE-2020-14978
https://notcve.org/view.php?id=CVE-2020-14978
23 Jun 2020 — An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorrect client version verification, an attacker can connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine. • https://theevilbit.github.io/posts •

CVE-2020-9342 – F-SECURE Generic Malformed Container Bypass
https://notcve.org/view.php?id=CVE-2020-9342
22 Feb 2020 — The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Protection For Salesforce, Email and Server Security, and Internet GateKeeper. • http://packetstormsecurity.com/files/156506/F-SECURE-Generic-Malformed-Container-Bypass.html • CWE-436: Interpretation Conflict •

CVE-2019-11644
https://notcve.org/view.php?id=CVE-2019-11644
17 May 2019 — In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their privileges through a DLL hijacking attack against the installer. The installer writes the file rm.exe to C:\Windows\Temp and then executes it. The rm.exe process th... • https://www.f-secure.com/en/web/labs_global/fsc-2019-2 • CWE-427: Uncontrolled Search Path Element •