CVE-2021-40835 – URL Address Bar Spoofing in F-Secure SAFE Browser for iOS
https://notcve.org/view.php?id=CVE-2021-40835
An URL Address bar spoofing vulnerability was discovered in Safe Browser for iOS. When user clicks on a specially crafted a malicious URL, if user does not carefully pay attention to url, user may be tricked to think content may be coming from a valid domain, while it comes from another. This is performed by using a very long username part of the url so that user cannot see the domain name. A remote attacker can leverage this to perform url address bar spoofing attack. The fix is, browser no longer shows the user name part in address bar. • https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame https://www.f-secure.com/en/business/support-and-downloads/security-advisories •
CVE-2021-40834 – User interface Spoofing in F-Secure SAFE browser for Android
https://notcve.org/view.php?id=CVE-2021-40834
A user interface overlay vulnerability was discovered in F-secure SAFE Browser for Android. When user click on a specially crafted seemingly legitimate URL SAFE browser goes into full screen and hides the user interface. A remote attacker can leverage this to perform spoofing attack. Se ha detectado una vulnerabilidad de superposición de la interfaz de usuario en F-secure SAFE Browser para Android. Cuando el usuario hace clic en una URL aparentemente legítima especialmente diseñada, el navegador SAFE pasa a pantalla completa y oculta la interfaz de usuario. • https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40834 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVE-2021-40833 – Denial-of-Service (DoS) Vulnerability
https://notcve.org/view.php?id=CVE-2021-40833
A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. Se ha detectado una vulnerabilidad que afecta al motor antivirus de F-Secure por la que el desempaquetado de archivos UPX puede conllevar a una denegación de servicio. La vulnerabilidad puede ser explotada remotamente por un atacante. • https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40833 • CWE-404: Improper Resource Shutdown or Release •
CVE-2021-40832 – Denial-of-Service (DoS) Vulnerability
https://notcve.org/view.php?id=CVE-2021-40832
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. Se ha detectado una vulnerabilidad de Denegación de Servicio (DoS) en F-Secure Atlant, por la que el componente del módulo de desempaquetado AVRDL usado en determinados productos de F-Secure puede bloquearse mientras se escanean archivos con problemas. La explotación puede ser desencadenada remotamente por un atacante. • https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40832 •
CVE-2021-33603 – Denial-of-Service (DoS) Vulnerability
https://notcve.org/view.php?id=CVE-2021-33603
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. Se ha detectado una vulnerabilidad de Denegación de Servicio (DoS) en F-Secure Atlant por la que el componente del módulo AVPACK usado en determinados productos de F-Secure puede bloquearse mientras se escanean archivos con problemas. La explotación puede ser desencadenada remotamente por un atacante. • https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33603 •