CVE-2021-44748 – Universal Cross-Site Scripting Vulnerability in F-Secure SAFE Browser for Android
https://notcve.org/view.php?id=CVE-2021-44748
A vulnerability affecting F-Secure SAFE browser was discovered whereby browsers loads images automatically this vulnerability can be exploited remotely by an attacker to execute the JavaScript can be used to trigger universal cross-site scripting through the browser. User interaction is required prior to exploitation, such as entering a malicious website to trigger the vulnerability. Se ha detectado una vulnerabilidad que afecta al navegador F-Secure SAFE por la que los navegadores cargan imágenes automáticamente esta vulnerabilidad puede ser explotada de forma remota por un atacante para ejecutar el JavaScript puede ser usado para desencadenar un ataque de tipo cross-site scripting universal mediante el navegador. Es requerida una interacción del usuario antes de la explotación, como entrar en un sitio web malicioso para desencadenar la vulnerabilidad • https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-44748 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-44747 – Denial-of-Service (DoS) Vulnerability
https://notcve.org/view.php?id=CVE-2021-44747
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. Se ha detectado una vulnerabilidad de denegación de servicio (DoS) en F-Secure Linux Security por la que el componente Fmlib usado en determinados productos de F-Secure puede bloquearse mientras son escaneados archivos fuzzed. La explotación puede ser desencadenada remotamente por un atacante. • https://www.f-secure.com/en/business/support-and-downloads/security-advisories •
CVE-2021-40837 – Denial-of-Service (DoS) Vulnerability
https://notcve.org/view.php?id=CVE-2021-40837
A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. Se ha detectado una vulnerabilidad que afecta al motor antivirus de F-Secure versiones anteriores a la actualización 2022-02-01_01 de Capricorn, por la que una descompresión del archivo ACE causa la detención del servicio de escáner. La vulnerabilidad puede ser explotada de forma remota por un atacante. • https://www.f-secure.com/en/business/support-and-downloads/security-advisories https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40837 •
CVE-2021-40836 – Denial-of-Service (DoS) Vulnerability
https://notcve.org/view.php?id=CVE-2021-40836
A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. Se ha detectado una vulnerabilidad que afecta al motor antivirus de F-Secure por la que el análisis de archivos .pst de MS outlook puede conllevar a una denegación de servicio. La vulnerabilidad puede ser explotada remotamente por un atacante. • https://www.f-secure.com/en/business/support-and-downloads/security-advisories •
CVE-2021-40835 – URL Address Bar Spoofing in F-Secure SAFE Browser for iOS
https://notcve.org/view.php?id=CVE-2021-40835
An URL Address bar spoofing vulnerability was discovered in Safe Browser for iOS. When user clicks on a specially crafted a malicious URL, if user does not carefully pay attention to url, user may be tricked to think content may be coming from a valid domain, while it comes from another. This is performed by using a very long username part of the url so that user cannot see the domain name. A remote attacker can leverage this to perform url address bar spoofing attack. The fix is, browser no longer shows the user name part in address bar. • https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame https://www.f-secure.com/en/business/support-and-downloads/security-advisories •