CVE-2021-40834 – User interface Spoofing in F-Secure SAFE browser for Android
https://notcve.org/view.php?id=CVE-2021-40834
A user interface overlay vulnerability was discovered in F-secure SAFE Browser for Android. When user click on a specially crafted seemingly legitimate URL SAFE browser goes into full screen and hides the user interface. A remote attacker can leverage this to perform spoofing attack. Se ha detectado una vulnerabilidad de superposición de la interfaz de usuario en F-secure SAFE Browser para Android. Cuando el usuario hace clic en una URL aparentemente legítima especialmente diseñada, el navegador SAFE pasa a pantalla completa y oculta la interfaz de usuario. • https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40834 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVE-2021-40833 – Denial-of-Service (DoS) Vulnerability
https://notcve.org/view.php?id=CVE-2021-40833
A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. Se ha detectado una vulnerabilidad que afecta al motor antivirus de F-Secure por la que el desempaquetado de archivos UPX puede conllevar a una denegación de servicio. La vulnerabilidad puede ser explotada remotamente por un atacante. • https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40833 • CWE-404: Improper Resource Shutdown or Release •
CVE-2021-40832 – Denial-of-Service (DoS) Vulnerability
https://notcve.org/view.php?id=CVE-2021-40832
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. Se ha detectado una vulnerabilidad de Denegación de Servicio (DoS) en F-Secure Atlant, por la que el componente del módulo de desempaquetado AVRDL usado en determinados productos de F-Secure puede bloquearse mientras se escanean archivos con problemas. La explotación puede ser desencadenada remotamente por un atacante. • https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40832 •
CVE-2021-33603 – Denial-of-Service (DoS) Vulnerability
https://notcve.org/view.php?id=CVE-2021-33603
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. Se ha detectado una vulnerabilidad de Denegación de Servicio (DoS) en F-Secure Atlant por la que el componente del módulo AVPACK usado en determinados productos de F-Secure puede bloquearse mientras se escanean archivos con problemas. La explotación puede ser desencadenada remotamente por un atacante. • https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33603 •
CVE-2021-33602 – Denial-of-Service (DoS) Vulnerability
https://notcve.org/view.php?id=CVE-2021-33602
A vulnerability affecting the F-Secure Antivirus engine was discovered when the engine tries to unpack a zip archive (LZW decompression method), and this can crash the scanning engine. The vulnerability can be exploited remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. Se ha detectado una vulnerabilidad que afecta al motor de F-Secure Antivirus cuando el motor intenta descomprimir un archivo zip (método de descompresión LZW), y esto puede bloquear el motor de análisis. La vulnerabilidad puede ser explotada remotamente por un atacante. • https://www.f-secure.com/en/business/support-and-downloads/security-advisories •