
CVE-2018-10403
https://notcve.org/view.php?id=CVE-2018-10403
13 Jun 2018 — An issue was discovered in F-Secure XFENCE and Little Flocker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. • https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks • CWE-295: Improper Certificate Validation •

CVE-2018-6189 – F-Secure Radar Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-6189
16 Feb 2018 — F-Secure Radar (on-premises) before 2018-02-15 has XSS via vectors involving the Tags parameter in the JSON request body in an outbound request for the /api/latest/vulnerabilityscans/tags/batch resource, aka a "suggested metadata tags for assets" issue. • https://packetstorm.news/files/id/146426 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2018-6324 – F-Secure Radar Open Redirect
https://notcve.org/view.php?id=CVE-2018-6324
16 Feb 2018 — F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated Redirect via the ReturnUrl parameter that triggers upon a user login. F-Secure Radar suffers from an open redirection vulnerability. • https://packetstorm.news/files/id/146429 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2015-8264
https://notcve.org/view.php?id=CVE-2015-8264
02 Aug 2017 — Untrusted search path vulnerability in F-Secure Online Scanner allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as F-SecureOnlineScanner.exe. • http://seclists.org/fulldisclosure/2016/Mar/64 • CWE-426: Untrusted Search Path •

CVE-2017-6466
https://notcve.org/view.php?id=CVE-2017-6466
11 Mar 2017 — F-Secure Software Updater 2.20, as distributed in several F-Secure products, downloads installation packages over plain http and does not perform file integrity validation after download. Man-in-the-middle attackers can replace the file with their own executable which will be executed under the SYSTEM account. Note that when Software Updater is configured to install updates automatically, it checks if the downloaded file is digitally signed by default, but does not check the author of the signature. When ru... • http://seclists.org/fulldisclosure/2017/Mar/28 • CWE-20: Improper Input Validation •

CVE-2012-6646
https://notcve.org/view.php?id=CVE-2012-6646
18 Apr 2014 — F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security before 11500 for Mac OS X allows local users to disable the Mac OS X firewall via unspecified vectors. • http://www.f-secure.com/en/web/labs_global/fsc-2012-2 •

CVE-2014-2844
https://notcve.org/view.php?id=CVE-2014-2844
18 Apr 2014 — Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure Gateway 7.5.0 before Patch 1862 allows remote authenticated administrators to inject arbitrary web script or HTML via the new parameter in the SysUser module to admin. • http://seclists.org/fulldisclosure/2014/Apr/223 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2013-7369
https://notcve.org/view.php?id=CVE-2013-7369
18 Apr 2014 — SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Anti-Virus for Citrix Servers 9.00 before HF09, and F-Secure Email and Server Security and F-Secure Server Security 9.20 before HF01 allows remote attackers to execute arbitrary SQL commands via unknown vectors, related to GetCommand. • http://www.f-secure.com/en/web/labs_global/fsc-2013-1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2010-5161
https://notcve.org/view.php?id=CVE-2010-5161
25 Aug 2012 — Race condition in F-Secure Internet Security 2010 10.00 build 246 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted pro... • http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2010-3499
https://notcve.org/view.php?id=CVE-2010-3499
22 Aug 2012 — F-Secure Anti-Virus does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that "the inability to catch these files are caused by lacking functionality rather than programming errors.... • http://www.n00bz.net/antivirus-cve • CWE-264: Permissions, Privileges, and Access Controls •