Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor F-secure Subscribe
Total 114 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-28874 4 Apple, F-secure, Microsoft and 1 more 7 Macos, Atlant, Elements Endpoint Protection and 4 more 2022-06-06 5.0 MEDIUM 7.5 HIGH
Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.
CVE-2022-28873 1 F-secure 1 Safe 2022-05-23 4.3 MEDIUM 4.3 MEDIUM
A vulnerability affecting F-Secure SAFE browser was discovered. An attacker can potentially exploit Javascript window.open functionality in SAFE Browser which could lead address bar spoofing attacks.
CVE-2022-28872 1 F-secure 1 Safe 2022-05-23 6.8 MEDIUM 8.8 HIGH
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails in a loop.
CVE-2022-28869 1 F-secure 1 Safe 2022-04-26 4.3 MEDIUM 4.3 MEDIUM
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the browser did not show full URL, such as port number.
CVE-2022-28868 1 F-secure 1 Safe 2022-04-26 4.3 MEDIUM 4.3 MEDIUM
An Address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted malicious webpage/URL, user may be tricked for a short period of time (until the page loads) to think content may be coming from a valid domain, while the content comes from the attacker controlled site.
CVE-2022-28870 1 F-secure 1 Safe 2022-04-25 4.3 MEDIUM 4.3 MEDIUM
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails.
CVE-2021-44751 1 F-secure 1 Safe 2022-04-04 5.0 MEDIUM 5.3 MEDIUM
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most modern Android OS, dialer application will require user interaction, however, some older Android OS may not need user interaction.
CVE-2021-44750 2 F-secure, Microsoft 6 Client Security, Countercept, Elements and 3 more 2022-03-15 8.5 HIGH 7.3 HIGH
An arbitrary code execution vulnerability was found in the F-Secure Support Tool. A standard user can craft a special configuration file, which when run by administrator can execute any commands.
CVE-2021-44749 1 F-secure 1 Safe 2022-03-11 4.3 MEDIUM 9.6 CRITICAL
A vulnerability affecting F-Secure SAFE browser protection was discovered improper URL handling can be triggered to cause universal cross-site scripting through browsing protection in a SAFE web browser. User interaction is required prior to exploitation. A successful exploitation may lead to arbitrary code execution.
CVE-2021-44748 1 F-secure 1 Safe 2022-03-11 4.3 MEDIUM 6.1 MEDIUM
A vulnerability affecting F-Secure SAFE browser was discovered whereby browsers loads images automatically this vulnerability can be exploited remotely by an attacker to execute the JavaScript can be used to trigger universal cross-site scripting through the browser. User interaction is required prior to exploitation, such as entering a malicious website to trigger the vulnerability.
CVE-2021-40837 3 Apple, F-secure, Microsoft 8 Macos, Atlant, Elements Endpoint Detection And Response and 5 more 2022-02-11 5.0 MEDIUM 5.3 MEDIUM
A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.
CVE-2021-40835 1 F-secure 1 Safe 2022-01-03 4.3 MEDIUM 4.3 MEDIUM
An URL Address bar spoofing vulnerability was discovered in Safe Browser for iOS. When user clicks on a specially crafted a malicious URL, if user does not carefully pay attention to url, user may be tricked to think content may be coming from a valid domain, while it comes from another. This is performed by using a very long username part of the url so that user cannot see the domain name. A remote attacker can leverage this to perform url address bar spoofing attack. The fix is, browser no longer shows the user name part in address bar.
CVE-2021-40836 3 Apple, F-secure, Microsoft 8 Macos, Atlant, Elements Endpoint Detection And Response and 5 more 2021-12-28 4.3 MEDIUM 5.5 MEDIUM
A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.
CVE-2021-40834 1 F-secure 1 Safe 2021-12-14 4.3 MEDIUM 4.3 MEDIUM
A user interface overlay vulnerability was discovered in F-secure SAFE Browser for Android. When user click on a specially crafted seemingly legitimate URL SAFE browser goes into full screen and hides the user interface. A remote attacker can leverage this to perform spoofing attack.
CVE-2021-40833 3 Apple, F-secure, Microsoft 7 Macos, Atlant, Elements Endpoint Protection and 4 more 2021-11-30 4.3 MEDIUM 5.5 MEDIUM
A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.
CVE-2021-33603 3 Apple, F-secure, Microsoft 9 Macos, Atlant, Cloud Protection For Salesforce and 6 more 2021-10-15 4.3 MEDIUM 6.5 MEDIUM
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
CVE-2021-40832 3 Apple, F-secure, Microsoft 9 Macos, Atlant, Cloud Protection For Salesforce and 6 more 2021-10-15 4.3 MEDIUM 6.5 MEDIUM
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
CVE-2021-33602 1 F-secure 4 Atlant, Cloud Protection, Internet Gatekeeper and 1 more 2021-10-14 5.0 MEDIUM 5.3 MEDIUM
A vulnerability affecting the F-Secure Antivirus engine was discovered when the engine tries to unpack a zip archive (LZW decompression method), and this can crash the scanning engine. The vulnerability can be exploited remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine.
CVE-2021-33601 1 F-secure 1 Internet Gatekeeper 2021-10-08 6.5 MEDIUM 8.8 HIGH
A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings through the web user interface in a way that could lead to an arbitrary code execution on the F-Secure Internet Gatekeeper server.
CVE-2021-33600 1 F-secure 1 Internet Gatekeeper 2021-10-08 5.0 MEDIUM 7.5 HIGH
A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. A successful exploitation could lead to a denial-of-service of the product.