Vulnerabilities > F Secure

DATE CVE VULNERABILITY TITLE RISK
2021-06-21 CVE-2021-33572 Null Pointer Dereference vulnerability in F-Secure products
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the FSAVD component used in certain F-Secure products can crash while scanning larger packages/fuzzed files.
network
low complexity
f-secure CWE-476
4.0
2020-06-23 CVE-2020-14978 Missing Authorization vulnerability in F-Secure Safe 17.7
An issue was discovered in F-Secure SAFE 17.7 on macOS.
network
f-secure CWE-862
critical
9.3
2020-06-23 CVE-2020-14977 Improper Input Validation vulnerability in F-Secure Safe 17.7
An issue was discovered in F-Secure SAFE 17.7 on macOS.
network
f-secure CWE-20
critical
9.3
2020-02-22 CVE-2020-9342 Improper Input Validation vulnerability in F-Secure products
The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive.
network
f-secure CWE-20
4.3
2019-05-17 CVE-2019-11644 Uncontrolled Search Path Element vulnerability in F-Secure products
In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their privileges through a DLL hijacking attack against the installer.
network
f-secure CWE-427
6.8
2018-06-13 CVE-2018-10403 Improper Certificate Validation vulnerability in F-Secure Xfence
An issue was discovered in F-Secure XFENCE and Little Flocker.
network
f-secure CWE-295
6.8
2018-02-16 CVE-2018-6324 Open Redirect vulnerability in F-Secure Radar 3.9.1
F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated Redirect via the ReturnUrl parameter that triggers upon a user login.
network
f-secure CWE-601
5.8
2018-02-16 CVE-2018-6189 Cross-Site Scripting vulnerability in F-Secure Radar 3.9.1
F-Secure Radar (on-premises) before 2018-02-15 has XSS via vectors involving the Tags parameter in the JSON request body in an outbound request for the /api/latest/vulnerabilityscans/tags/batch resource, aka a "suggested metadata tags for assets" issue.
network
f-secure CWE-79
4.3
2017-08-02 CVE-2015-8264 Untrusted Search Path vulnerability in F-Secure Online Scanner
Untrusted search path vulnerability in F-Secure Online Scanner allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as F-SecureOnlineScanner.exe.
network
f-secure CWE-426
6.8
2017-03-11 CVE-2017-6466 Improper Input Validation vulnerability in F-Secure Software Updater 2.20
F-Secure Software Updater 2.20, as distributed in several F-Secure products, downloads installation packages over plain http and does not perform file integrity validation after download.
network
f-secure CWE-20
critical
9.3