Lucene search
K
F-secureInternet Gatekeeper

46 matches found

CVE
CVE
added 2020/02/22 10:41 p.m.117 views

CVE-2020-9342

Summary: CVE-2020-9342 affects the F-Secure AV parsing engine prior to 2020-02-05, enabling a virus-detection bypass via crafted Compression Method data in a GZIP archive. Affected products/versions include Cloud Protection For Salesforce, Email and Server Security, and Internet GateKeeper on Lin...

5.5CVSS5.5AI score0.01641EPSS
CVE
CVE
added 2004/05/05 4:0 a.m.110 views

CVE-2004-0234

CVE-2004-0234: LHA 1.14 contains multiple stack-based buffer overflows in get_header() of header.c, allowing remote attackers or local users to execute arbitrary code via long directory/file names in an LHA archive. The issue affects LHA as used in products such as Barracuda Spam Firewall; overfl...

10CVSS7.5AI score0.10262EPSS
Web
CVE
CVE
added 2022/03/01 11:55 a.m.108 views

CVE-2021-44747

CVE-2021-44747: A DoS vulnerability in F-Secure Linux Security targets the Fmlib component. The vulnerability can crash while scanning fuzzed files and can be triggered remotely, causing denial of service to the Anti-Virus engine. Affected outcome is a partial availability impact for the AV compo...

6.5CVSS5.5AI score0.00625EPSS
CVE
CVE
added 2004/05/05 4:0 a.m.101 views

CVE-2004-0235

CVE-2004-0235 impacts LHa (LHA) 1.14.x releases. Multiple directory traversal vulnerabilities allow remote attackers or local users to create arbitrary files via an archive containing filenames with .. sequences or absolute paths (//absolute/path). The issue affects LHA 1.14 (and related variants...

6.4CVSS6.5AI score0.04122EPSS
CVE
CVE
added 2022/02/09 12:10 p.m.87 views

CVE-2021-40837

The CVE-2021-40837 issue affects the F-Secure antivirus engine prior to Capricorn update 2022-02-01_01. The vulnerability arises during ACE file decompression, triggering a denial-of-service condition where the scanner service stops. It can be exploited remotely by an attacker, leading to availab...

5.3CVSS4.9AI score0.00657EPSS
CVE
CVE
added 2021/09/28 9:6 a.m.85 views

CVE-2021-33600

The CVE-2021-33600 entry describes a DoS in the web UI of F-Secure Internet Gatekeeper. An unauthenticated, remote attacker can trigger an assertion by sending a malformed HTTP request with a very large username parameter, potentially taking the product offline. Several connected sources (e.g., R...

7.5CVSS6.3AI score0.00588EPSS
CVE
CVE
added 2010/04/15 9:12 p.m.84 views

CVE-2010-1425

Summary: CVE-2010-1425 affects F-Secure and related antivirus products, whose scanning engines fail to detect malware in specially crafted 7Z, GZIP, CAB, and RAR archives. The issue enables remote malware delivery by archive content evasion, impacting several F-Secure offerings (including Interne...

5CVSS6.8AI score0.02151EPSS
CVE
CVE
added 2022/05/25 3:9 p.m.80 views

CVE-2022-28875

The CVE-2022-28875 entry describes a DoS flaw in F-Secure Atlant and certain WithSecure products where scanning the aemobile component crashes the scanning engine. The vulnerability can be triggered remotely by an attacker, indicating remote attack practicality. The connected records consistently...

6.5CVSS5.4AI score0.00498EPSS
CVE
CVE
added 2022/07/22 3:29 p.m.80 views

CVE-2022-28878

CVE-2022-28878 describes a Denial-of-Service in F-Secure Atlant and some WithSecure products where scanning fuzzed APK files can crash the scanning engine. Public details in the initial document indicate impact to availability but do not specify affected versions, exact vulnerable components, roo...

7.5CVSS5.8AI score0.00398EPSS
CVE
CVE
added 2022/08/10 4:3 p.m.80 views

CVE-2022-28881

CVE-2022-28881 describes a DoS in F-Secure Atlant due to a crash in the unpacker of the aerdl.dll component, causing the scanning engine to crash. A remote attacker could trigger the condition. Public documents consistently identify the affected software as F-Secure Atlant / WithSecure products a...

7.5CVSS5.8AI score0.00414EPSS
CVE
CVE
added 2022/08/23 3:54 p.m.76 views

CVE-2022-28882

CVE-2022-28882 affects F-Secure & WithSecure products. The issue is in the aegen.dll component, which can enter an infinite loop when unpacking PE files, causing the scanning engine to crash. The vulnerability can be triggered remotely by an attacker, as noted in the source description. Some conn...

7.5CVSS5.8AI score0.00388EPSS
CVE
CVE
added 2022/10/12 12:0 a.m.76 views

CVE-2022-28887

CVE-2022-28887 describes a Denial-of-Service condition in F-Secure & WithSecure products. The vulnerability stems from the aerdl.dll unpacker handler function , which can crash the scanning engine, leading to a potential service disruption. Public details consistently reference a DoS impact but d...

7.5CVSS5.8AI score0.00366EPSS
CVE
CVE
added 2006/01/21 12:0 a.m.73 views

CVE-2006-0338

The CVE-2006-0338 entry applies to multiple F-Secure Anti-Virus products on Windows and Linux (Windows Servers 5.52 and earlier; Internet Security 2004–2006; Linux Servers 4.64 and earlier). The vulnerability stems from how ZIP and RAR archives are handled, with malformed archives not being scann...

5CVSS6.9AI score0.02984EPSS
CVE
CVE
added 2022/09/23 6:24 p.m.73 views

CVE-2022-28886

CVE-2022-28886 affects F-Secure and WithSecure products. The aerdl.so/aerdl.dll component may enter an infinite loop while unpacking PE files, potentially crashing the scanning engine. The available sources indicate a DoS impact without detailing affected versions or a published fix in the provid...

5.5CVSS4.9AI score0.00408EPSS
CVE
CVE
added 2021/10/06 9:59 a.m.72 views

CVE-2021-33602

The CVE-2021-33602 issue affects the F-Secure Antivirus engine, where unpacking a ZIP archive via LZW decompression can crash the scanning engine. Exploitation is described as remote and can result in Denial-of-Service of the antivirus engine. Supported sources (Red Hat, NVD, CVE lists, CNNVD) co...

5.5CVSS5.2AI score0.00563EPSS
CVE
CVE
added 2009/05/22 8:0 p.m.71 views

CVE-2009-1782

CVE-2009-1782 affects multiple F‑Secure products (e.g., Anti‑Virus for Microsoft Exchange 7.10 and earlier; Internet Gatekeeper 6.61 and earlier; Internet Security 2009 and earlier; Anti‑Virus 2009 and earlier; Client Security 8.0 and earlier) and enables bypass of malware detection when processi...

6.8CVSS6.6AI score0.02209EPSS
CVE
CVE
added 2022/08/05 4:46 p.m.71 views

CVE-2022-28880

CVE-2022-28880 affects F-Secure Atlant and certain WithSecure products. The vulnerability occurs in the scanning engine when processing fuzzed PE32-bit files, potentially crashing the engine and causing a Denial-of-Service. Exploitation is described as remotely triggerable. The connected document...

7.5CVSS5.8AI score0.00414EPSS
CVE
CVE
added 2022/08/23 3:54 p.m.71 views

CVE-2022-28883

CVE-2022-28883 is a DoS vulnerability affecting F-Secure & WithSecure products. The issue arises in the aerdl unpack function, where the unpack process crashes, potentially causing a scanning engine crash. Exploitation can be triggered remotely by an attacker. The available connected documents de...

7.5CVSS5.4AI score0.00515EPSS
CVE
CVE
added 2022/07/14 2:45 p.m.70 views

CVE-2022-28876

CVE-2022-28876 affects F-Secure Atlant and certain WithSecure products. The aeheur.dll component used by the scanner can crash the scanning engine, enabling a remote attacker to trigger a DoS. Impact is availability loss (per documents). Exploitation details are limited to remote trigger; no reme...

7.5CVSS5.8AI score0.00398EPSS
CVE
CVE
added 2021/10/08 9:45 a.m.68 views

CVE-2021-33603

CVE-2021-33603 affects F‑Secure Atlant with the AVPACK module, where the component can crash while scanning fuzzed files. The vulnerability enables a remote attacker to trigger a DoS of the antivirus engine. The available documents identify the affected product family (F‑Secure Atlant) and the vu...

6.5CVSS5.9AI score0.00545EPSS
CVE
CVE
added 2022/07/22 3:27 p.m.68 views

CVE-2022-28879

CVE-2022-28879 affects F-Secure Atlant and some WithSecure products. The issue arises during scanning of the aepack.dll component, which can crash the scanning engine and cause a Denial-of-Service. Public details in the provided documents confirm the vulnerability impact (availability loss) and t...

7.5CVSS5.8AI score0.00398EPSS
CVE
CVE
added 2007/05/31 11:0 p.m.66 views

CVE-2007-2966

CVE-2007-2966 describes a buffer overflow in the LHA decompression component of F-Secure antivirus products for Windows and Linux (pre-20070529). The flaw is triggered by a crafted LHA archive and is tied to an integer wrap issue, enabling remote attackers to potentially execute arbitrary code or...

7.5CVSS7.7AI score0.05208EPSS
CVE
CVE
added 2004/09/24 4:0 a.m.63 views

CVE-2003-1015

CVE-2003-1015: Affects multiple content security gateway and antivirus products. Issue: MIME messages that use whitespace in an unusual fashion may be interpreted differently by mail clients, allowing bypass of content restrictions (vulnerability in how MIME is parsed). Impact: potential bypass o...

7.5CVSS6.8AI score0.02446EPSS
CVE
CVE
added 2005/02/11 5:0 a.m.62 views

CVE-2005-0350

CVE-2005-0350 describes a heap-based buffer overflow in multiple F-Secure Anti-Virus and Internet Security products. The vulnerability allows a remote attacker to execute arbitrary code by sending a crafted ARJ archive. The CVSS metrics indicate a network-exposed, low-attack-complexity issue with...

7.5CVSS8.4AI score0.03281EPSS
CVE
CVE
added 2007/05/31 11:0 p.m.62 views

CVE-2007-2967

The CVE-2007-2967 entry affects multiple F‑Secure antivirus products for Windows and Linux prior to 20070522. The vulnerability is a denial of service via crafted ARJ archives or FSG packed files that can cause a file-scanning infinite loop within the scanner component. Impact is a complete denia...

10CVSS6.8AI score0.04789EPSS
CVE
CVE
added 2004/09/24 4:0 a.m.61 views

CVE-2004-0162

The CVE-2004-0162 entry describes a vulnerability in multiple content security gateway and antivirus products where MIME encapsulation using RFC822 comment fields can be misinterpreted by mail clients, allowing bypass of content restrictions. The affected software is referred to generically (mult...

7.5CVSS7.3AI score0.02383EPSS
CVE
CVE
added 2021/12/22 11:14 a.m.61 views

CVE-2021-40836

The CVE-2021-40836 entry describes a DoS in the F-Secure antivirus engine when scanning MS Outlook .pst files. Vulnerability can be exploited remotely, leading to availability impact (partial) of the antivirus engine. Connected sources confirm the affected product (F-Secure antivirus engine) and ...

5.5CVSS5AI score0.00457EPSS
CVE
CVE
added 2007/05/31 11:0 p.m.60 views

CVE-2007-2965

CVE-2007-2965 concerns the Real-time Scanning component across multiple F-Secure products (Internet Security 2005–2007, Anti-Virus 2005–2007, and related Protection Service for Consumers 6.40 and earlier). The root cause is improper validation in IOCTL/I/O space handling, allowing a crafted I/O r...

7.2CVSS6.5AI score0.00353EPSS
CVE
CVE
added 2021/09/28 9:8 a.m.60 views

CVE-2021-33601

Summary: CVE-2021-33601 affects the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings via the Web UI, leading to arbitrary code execution on the F-Secure Internet Gatekeeper server. The connected Red Hat, CNVD, NVD, and other records corroborate this as...

8.8CVSS8.3AI score0.00911EPSS
CVE
CVE
added 2004/09/24 4:0 a.m.59 views

CVE-2004-0161

The CVE-2004-0161 issue affects multiple content security gateway and antivirus products. The vulnerability allows remote attackers to bypass content restrictions by sending MIME messages encoded with RFC2231, which can be interpreted differently by mail clients. The NVD entry shows a base CVSS v...

7.5CVSS7.3AI score0.02383EPSS
CVE
CVE
added 2005/08/20 4:0 a.m.58 views

CVE-2004-2442

CVE-2004-2442 covers a multiple interpretation error in several F-Secure Anti-Virus products (including Workstation 5.43 and earlier, Windows Servers 5.50 and earlier, MIMEsweeper 5.50 and earlier, and Anti-Virus for Linux/Gateways 4.61 and earlier). The issue allows remote attackers to bypass an...

5CVSS6.6AI score0.10639EPSS
CVE
CVE
added 2022/09/06 5:19 p.m.58 views

CVE-2022-28884

CVE-2022-28884 affects F-Secure and WithSecure products, where the aerdl.dll component may enter an infinite loop while unpacking PE files, potentially crashing the scanning engine. The provided sources describe a Denial-of-Service risk due to this loop, with no concrete exploit details or listed...

7.5CVSS5.8AI score0.00414EPSS
CVE
CVE
added 2004/09/24 4:0 a.m.56 views

CVE-2004-0052

CVE-2004-0052 concerns multiple content security gateways and antivirus products. It describes bypassing content restrictions via MIME messages that use non-standard separator characters or misuse standard separators in MIME headers/fields/parameters, leading to potential partial exposure of conf...

7.5CVSS6.8AI score0.02383EPSS
CVE
CVE
added 2005/08/18 4:0 a.m.56 views

CVE-2004-2405

CVE-2004-2405 describes a buffer overflow in multiple F-Secure Anti-Virus products, including F-Secure Anti-Virus 5.42 and earlier, triggered by a malformed LHA archive. Impact stated: remote attackers could bypass scanning or cause a denial of service (crash or module restart), depending on the ...

6.4CVSS7.4AI score0.01716EPSS
CVE
CVE
added 2004/09/24 4:0 a.m.55 views

CVE-2004-0051

CVE-2004-0051 affects multiple content security gateway and antivirus products. The issue arises from MIME Content-Transfer-Encoding values that are non-standard but widely supported (uuencode, mac-binhex40, yenc), which may be interpreted differently by mail clients and allow remote attackers to...

7.5CVSS6.8AI score0.02383EPSS
CVE
CVE
added 2011/02/18 4:0 p.m.55 views

CVE-2011-0453

The CVE covers F-Secure Internet Gatekeeper for Linux, 3.x (pre-3.03). The vulnerability is an authentication flaw that allows reading access logs via the admin UI port, enabling remote attackers to obtain potentially sensitive information from log files. Affected product: F-Secure Internet Gatek...

5CVSS6.5AI score0.02347EPSS
CVE
CVE
added 2004/09/24 4:0 a.m.54 views

CVE-2004-0053

The CVE-2004-0053 issue affects multiple content security gateway and antivirus products, where RFC2047-encoded MIME fields can be interpreted differently by mail clients, enabling remote attackers to bypass content restrictions. The root cause is inconsistent handling/interpretation of RFC2047 e...

7.5CVSS6.8AI score0.02383EPSS
CVE
CVE
added 2005/11/02 11:0 p.m.54 views

CVE-2005-3468

CVE-2005-3468 describes a directory traversal vulnerability in F-Secure Anti-Virus for Microsoft Exchange 6.40 and Internet Gatekeeper 6.40–6.42. The flaw lets limited remote attackers bypass Web Console authentication and read files, exposing partial confidentiality. The provided documents confi...

5CVSS7.3AI score0.02077EPSS
CVE
CVE
added 2006/01/21 12:0 a.m.54 views

CVE-2006-0337

CVE-2006-0337 affects F-Secure Anti-Virus products for Windows and Linux (e.g., Windows Servers 5.52 and earlier; Internet Security 2004–2006; Linux Servers 4.64 and earlier). The vulnerability is a buffer overflow triggered by specially crafted ZIP archives, allowing remote code execution. Repor...

7.5CVSS8AI score0.05808EPSS
CVE
CVE
added 2007/06/20 10:0 p.m.54 views

CVE-2007-3300

CVE-2007-3300 affects multiple F-Secure anti-virus products for Windows and Linux prior to 20070619. The vulnerability allows remote attackers to bypass scanning by exploiting a crafted header in (1) LHA or (2) RAR archives. Root cause is a flaw in header handling that enables bypass of the antiv...

9.3CVSS6.7AI score0.03711EPSS
CVE
CVE
added 2006/06/06 8:3 p.m.52 views

CVE-2006-2838

CVE-2006-2838 affects F-Secure products with a buffer overflow in the Web Console of multiple components, specifically F-Secure Anti-Virus for Microsoft Exchange 6.40 and Internet Gatekeeper 6.40–6.42, and 6.50. The vulnerability allows an unauthenticated, remote attacker to cause a denial of ser...

7.6CVSS7.8AI score0.0569EPSS
CVE
CVE
added 2005/11/16 7:37 a.m.51 views

CVE-2005-3546

The CVE-2005-3546 entry concerns F-Secure products: Internet Gatekeeper for Linux prior to 2.15.484 and Anti-Virus Linux Gateway prior to 2.16. The issue arises from SUID scripts (suid.cgi) being installed with world-executable permissions, enabling local users to gain privilege. The root cause i...

7.2CVSS7AI score0.00804EPSS
CVE
CVE
added 2021/10/08 9:45 a.m.51 views

CVE-2021-40832

The CVE-2021-40832 issue affects F‑Secure Atlant’s AVRDL unpacking module used in certain F‑Secure products. The vulnerability causes the unpacking component to crash while scanning fuzzed files, and can be triggered remotely, resulting in a Denial-of-Service (DoS) of the Anti-Virus engine. The c...

6.5CVSS5.9AI score0.00545EPSS
CVE
CVE
added 2004/09/24 4:0 a.m.50 views

CVE-2004-0830

The CVE-2004-0830 issue affects the Content Scanner Server in F-Secure Anti-Virus for Microsoft Exchange (versions 6.01/6.21 and earlier) and F-Secure Internet Gatekeeper 6.32 and earlier. It stems from an input validation/exception handling error when processing malformed packets sent to the Con...

5CVSS6.6AI score0.01591EPSS
CVE
CVE
added 2021/11/26 4:39 p.m.49 views

CVE-2021-40833

CVE-2021-40833 affects the F-Secure antivirus engine. The vulnerability arises in UPX unpacking, leading to denial-of-service. Exploitation is described as possible remotely in the CVE summary, but the connected documents do not provide explicit exploitation steps, affected versions, specific vul...

5.5CVSS5.4AI score0.00393EPSS
CVE
CVE
added 2004/09/24 4:0 a.m.44 views

CVE-2003-1016

The CVE-2003-1016 entry describes a vulnerability in multiple content security gateway and antivirus products where remote attackers can bypass content restrictions by sending MIME messages with malformed quoting in headers/parameters/values. The issue arises from fields that should not be quoted...

7.5CVSS7.2AI score0.02446EPSS