CVE-2021-44749 – Universal Cross-Site Scripting Vulnerability in F-Secure SAFE Browser Protection for Android
https://notcve.org/view.php?id=CVE-2021-44749
A vulnerability affecting F-Secure SAFE browser protection was discovered improper URL handling can be triggered to cause universal cross-site scripting through browsing protection in a SAFE web browser. User interaction is required prior to exploitation. A successful exploitation may lead to arbitrary code execution. Se ha detectado una vulnerabilidad que afecta a la protección del navegador F-Secure SAFE. Un manejo inapropiado de las URLs puede causar una vulnerabilidad de tipo cross-site scripting universal mediante la protección de la navegación en un navegador web SAFE. • https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-44749 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-44748 – Universal Cross-Site Scripting Vulnerability in F-Secure SAFE Browser for Android
https://notcve.org/view.php?id=CVE-2021-44748
A vulnerability affecting F-Secure SAFE browser was discovered whereby browsers loads images automatically this vulnerability can be exploited remotely by an attacker to execute the JavaScript can be used to trigger universal cross-site scripting through the browser. User interaction is required prior to exploitation, such as entering a malicious website to trigger the vulnerability. Se ha detectado una vulnerabilidad que afecta al navegador F-Secure SAFE por la que los navegadores cargan imágenes automáticamente esta vulnerabilidad puede ser explotada de forma remota por un atacante para ejecutar el JavaScript puede ser usado para desencadenar un ataque de tipo cross-site scripting universal mediante el navegador. Es requerida una interacción del usuario antes de la explotación, como entrar en un sitio web malicioso para desencadenar la vulnerabilidad • https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-44748 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-44747 – Denial-of-Service (DoS) Vulnerability
https://notcve.org/view.php?id=CVE-2021-44747
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. Se ha detectado una vulnerabilidad de denegación de servicio (DoS) en F-Secure Linux Security por la que el componente Fmlib usado en determinados productos de F-Secure puede bloquearse mientras son escaneados archivos fuzzed. La explotación puede ser desencadenada remotamente por un atacante. • https://www.f-secure.com/en/business/support-and-downloads/security-advisories •
CVE-2021-40837 – Denial-of-Service (DoS) Vulnerability
https://notcve.org/view.php?id=CVE-2021-40837
A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. Se ha detectado una vulnerabilidad que afecta al motor antivirus de F-Secure versiones anteriores a la actualización 2022-02-01_01 de Capricorn, por la que una descompresión del archivo ACE causa la detención del servicio de escáner. La vulnerabilidad puede ser explotada de forma remota por un atacante. • https://www.f-secure.com/en/business/support-and-downloads/security-advisories https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40837 •
CVE-2021-40836 – Denial-of-Service (DoS) Vulnerability
https://notcve.org/view.php?id=CVE-2021-40836
A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. Se ha detectado una vulnerabilidad que afecta al motor antivirus de F-Secure por la que el análisis de archivos .pst de MS outlook puede conllevar a una denegación de servicio. La vulnerabilidad puede ser explotada remotamente por un atacante. • https://www.f-secure.com/en/business/support-and-downloads/security-advisories •