Vulnerabilities > F Secure > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-10 | CVE-2021-44750 | Unspecified vulnerability in F-Secure products An arbitrary code execution vulnerability was found in the F-Secure Support Tool. network f-secure | 8.5 |
| 2014-04-18 | CVE-2013-7369 | SQL Injection vulnerability in F-Secure products SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Anti-Virus for Citrix Servers 9.00 before HF09, and F-Secure Email and Server Security and F-Secure Server Security 9.20 before HF01 allows remote attackers to execute arbitrary SQL commands via unknown vectors, related to GetCommand. | 7.5 |
| 2009-02-06 | CVE-2008-6085 | Numeric Errors vulnerability in F-Secure products Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow. | 7.6 |
| 2008-02-22 | CVE-2008-0910 | Permissions, Privileges, and Access Controls vulnerability in F-Secure products Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted RAR archive. | 7.5 |
| 2007-05-31 | CVE-2007-2966 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in F-Secure products Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335. | 7.5 |
| 2007-05-31 | CVE-2007-2965 | Local Security vulnerability in Internet Gatekeeper Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Internet Security 2005, 2006 and 2007; Anti-Virus 2005, 2006 and 2007; and Solutions based on F-Secure Protection Service for Consumers 6.40 and earlier allows local users to gain privileges via a crafted I/O request packet (IRP), related to IOCTL (Input/Output Control) and "access validation of the address space." | 7.2 |
| 2007-03-21 | CVE-2007-1557 | Local Format String vulnerability in F-Secure Anti-Virus 6.02 Format string vulnerability in F-Secure Anti-Virus Client Security 6.02 allows local users to cause a denial of service and possibly gain privileges via format string specifiers in the Management Server name field on the Communication settings page. | 7.2 |
| 2006-06-06 | CVE-2006-2838 | Denial-Of-Service vulnerability in F-Secure Anti-Virus and Internet Gatekeeper Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors. | 7.6 |
| 2006-01-21 | CVE-2006-0337 | Archive Handling vulnerability in F-Secure Buffer overflow in multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allows remote attackers to execute arbitrary code via crafted ZIP archives. | 7.5 |
| 2005-11-18 | CVE-2005-3664 | Remote Buffer Overflow vulnerability in Kaspersky Anti-Virus Engine CHM File Parser Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in Kaspersky Personal 5.0.227, Anti-Virus On-Demand Scanner for Linux 5.0.5, and F-Secure Anti-Virus for Linux 4.50 allows remote attackers to execute arbitrary code via a crafted CHM file. | 7.5 |