Vulnerabilities (CVE)

Filtered by vendor F-secure Subscribe
Total 121 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-40836 3 Apple, F-secure, Microsoft 8 Macos, Atlant, Elements Endpoint Detection And Response and 5 more 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.
CVE-2021-33601 1 F-secure 1 Internet Gatekeeper 2024-02-28 6.5 MEDIUM 8.8 HIGH
A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings through the web user interface in a way that could lead to an arbitrary code execution on the F-Secure Internet Gatekeeper server.
CVE-2021-33603 3 Apple, F-secure, Microsoft 9 Macos, Atlant, Cloud Protection For Salesforce and 6 more 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
CVE-2021-33602 1 F-secure 4 Atlant, Cloud Protection, Internet Gatekeeper and 1 more 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
A vulnerability affecting the F-Secure Antivirus engine was discovered when the engine tries to unpack a zip archive (LZW decompression method), and this can crash the scanning engine. The vulnerability can be exploited remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine.
CVE-2021-40833 3 Apple, F-secure, Microsoft 7 Macos, Atlant, Elements Endpoint Protection and 4 more 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.
CVE-2021-40837 3 Apple, F-secure, Microsoft 8 Macos, Atlant, Elements Endpoint Detection And Response and 5 more 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.
CVE-2021-40832 3 Apple, F-secure, Microsoft 9 Macos, Atlant, Cloud Protection For Salesforce and 6 more 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
CVE-2021-33600 1 F-secure 1 Internet Gatekeeper 2024-02-28 5.0 MEDIUM 7.5 HIGH
A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. A successful exploitation could lead to a denial-of-service of the product.
CVE-2021-33594 1 F-secure 1 Safe 2024-02-28 3.5 LOW 3.5 LOW
An address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A remote attacker can leverage this to perform address bar spoofing attack.
CVE-2021-33596 1 F-secure 1 Safe 2024-02-28 3.5 LOW 4.1 MEDIUM
Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requires the user to click on a specially crafted, seemingly legitimate URL containing an embedded malicious redirect while using F-Secure Safe Browser for iOS.
CVE-2021-33599 3 Apple, F-secure, Microsoft 6 Macos, Atlant, Cloud Protection For Salesforce and 3 more 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
A vulnerability affecting F-Secure Antivirus engine was discovered whereby scanning WIM archive file can lead to denial-of-service (infinite loop and freezes AV engine scanner). The vulnerability can be exploit remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine.
CVE-2021-33597 3 Apple, F-secure, Microsoft 6 Macos, Business Suite, Client Security and 3 more 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
CVE-2021-33598 3 Apple, F-secure, Microsoft 5 Macos, Atlant, Elements Endpoint Protection and 2 more 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
A Denial-of-Service (DoS) vulnerability was discovered in all versions of F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
CVE-2021-33572 1 F-secure 4 Cloud Protection For Salesforce, Elements For Microsoft 365, Endpoint Protection and 1 more 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the FSAVD component used in certain F-Secure products can crash while scanning larger packages/fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
CVE-2021-33595 1 F-secure 1 Safe 2024-02-28 3.5 LOW 3.5 LOW
A address bar spoofing vulnerability was discovered in Safe Browser for iOS. Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. A remote attacker can leverage this to perform address bar spoofing attack.
CVE-2020-14977 1 F-secure 1 Safe 2024-02-28 9.3 HIGH 8.1 HIGH
An issue was discovered in F-Secure SAFE 17.7 on macOS. The XPC services use the PID to identify the connecting client, which allows an attacker to perform a PID reuse attack and connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine.
CVE-2020-14978 1 F-secure 1 Safe 2024-02-28 9.3 HIGH 8.1 HIGH
An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorrect client version verification, an attacker can connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine.
CVE-2020-9342 1 F-secure 3 Cloud Protection For Salesforce, Email And Server Security, Internet Gatekeeper 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Protection For Salesforce, Email and Server Security, and Internet GateKeeper.
CVE-2019-11644 1 F-secure 5 Client Security, Computer Protection, Internet Security and 2 more 2024-02-28 6.8 MEDIUM 7.8 HIGH
In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their privileges through a DLL hijacking attack against the installer. The installer writes the file rm.exe to C:\Windows\Temp and then executes it. The rm.exe process then attempts to load several DLLs from its current directory. Non-admin users are able to write to this folder, so an attacker can create a malicious C:\Windows\Temp\OLEACC.dll file. When an admin runs the installer, rm.exe will execute the attacker's DLL in an elevated security context.
CVE-2018-6324 1 F-secure 1 Radar 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated Redirect via the ReturnUrl parameter that triggers upon a user login.