Search criteria
48 vulnerabilities found for linux_security_64 by f-secure
FKIE_CVE-2023-49322
Vulnerability from fkie_nvd - Published: 2023-11-27 00:15 - Updated: 2024-11-21 08:33
Severity ?
Summary
Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | linux_protection | 12.0 | |
| f-secure | linux_security_64 | 12.0 | |
| linux | linux_kernel | - | |
| f-secure | atlant | 1.0.35-1 | |
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| f-secure | email_and_server_security | 15.00 | |
| f-secure | server_security | 15.00 | |
| microsoft | windows | - | |
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| apple | macos | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96B5DD2D-9D5C-4475-8E8D-24950C7C5E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA4ED9C-9739-435C-940E-97D6B18F217A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C9517C-5EAD-4039-A80F-934D658143DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:email_and_server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "75B976BB-2359-472B-8A70-4B854C2E6749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "96BF356E-12D9-4E39-AFAE-E7B03C8D7700",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1."
},
{
"lang": "es",
"value": "Ciertos productos WithSecure permiten una Denegaci\u00f3n de Servicio porque hay una falla en el controlador de descompresi\u00f3n que puede provocar una falla en el motor de escaneo. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y posteriores, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, y WithSecure Atlant 1.0.35-1. "
}
],
"id": "CVE-2023-49322",
"lastModified": "2024-11-21T08:33:14.240",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-27T00:15:07.330",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49322"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49322"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-49321
Vulnerability from fkie_nvd - Published: 2023-11-27 00:15 - Updated: 2024-11-21 08:33
Severity ?
Summary
Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | linux_protection | 12.0 | |
| f-secure | linux_security_64 | 12.0 | |
| linux | linux_kernel | - | |
| f-secure | atlant | 1.0.35-1 | |
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| f-secure | email_and_server_security | 15.00 | |
| f-secure | server_security | 15.00 | |
| microsoft | windows | - | |
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| apple | macos | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96B5DD2D-9D5C-4475-8E8D-24950C7C5E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA4ED9C-9739-435C-940E-97D6B18F217A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C9517C-5EAD-4039-A80F-934D658143DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:email_and_server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "75B976BB-2359-472B-8A70-4B854C2E6749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "96BF356E-12D9-4E39-AFAE-E7B03C8D7700",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1."
},
{
"lang": "es",
"value": "Ciertos productos WithSecure permiten una Denegaci\u00f3n de Servicio porque el escaneo de un archivo manipulado lleva mucho tiempo y hace que el esc\u00e1ner se cuelgue. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection for Mac 17 y posteriores, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, y WithSecure Atlant 1.0.35-1. "
}
],
"id": "CVE-2023-49321",
"lastModified": "2024-11-21T08:33:14.090",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-27T00:15:07.280",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49321"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-43765
Vulnerability from fkie_nvd - Published: 2023-09-22 05:15 - Updated: 2024-11-21 08:24
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | linux_protection | 12.0 | |
| f-secure | linux_security_64 | 12.0 | |
| linux | linux_kernel | - | |
| f-secure | atlant | 1.0.35-1 | |
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| f-secure | email_and_server_security | 15.00 | |
| f-secure | server_security | 15.00 | |
| microsoft | windows | - | |
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| apple | macos | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96B5DD2D-9D5C-4475-8E8D-24950C7C5E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA4ED9C-9739-435C-940E-97D6B18F217A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C9517C-5EAD-4039-A80F-934D658143DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:email_and_server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "75B976BB-2359-472B-8A70-4B854C2E6749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "96BF356E-12D9-4E39-AFAE-E7B03C8D7700",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
},
{
"lang": "es",
"value": "Ciertos productos WithSecure permiten la Denegaci\u00f3n de Servicio en el componente aeelf. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1."
}
],
"id": "CVE-2023-43765",
"lastModified": "2024-11-21T08:24:44.503",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-09-22T05:15:09.793",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-43761
Vulnerability from fkie_nvd - Published: 2023-09-22 05:15 - Updated: 2024-11-21 08:24
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | linux_protection | 12.0 | |
| f-secure | linux_security_64 | 12.0 | |
| linux | linux_kernel | - | |
| f-secure | atlant | 1.0.35-1 | |
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| f-secure | email_and_server_security | 15.00 | |
| f-secure | server_security | 15.00 | |
| microsoft | windows | - | |
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| apple | macos | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96B5DD2D-9D5C-4475-8E8D-24950C7C5E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA4ED9C-9739-435C-940E-97D6B18F217A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C9517C-5EAD-4039-A80F-934D658143DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:email_and_server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "75B976BB-2359-472B-8A70-4B854C2E6749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "96BF356E-12D9-4E39-AFAE-E7B03C8D7700",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
},
{
"lang": "es",
"value": "Ciertos productos WithSecure permiten la Denegaci\u00f3n de Servicio (bucle infinito). Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1."
}
],
"id": "CVE-2023-43761",
"lastModified": "2024-11-21T08:24:43.953",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-09-22T05:15:09.457",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn5"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-43766
Vulnerability from fkie_nvd - Published: 2023-09-22 05:15 - Updated: 2024-11-21 08:24
Severity ?
Summary
Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | linux_protection | 12.0 | |
| f-secure | linux_security_64 | 12.0 | |
| linux | linux_kernel | - | |
| f-secure | atlant | 1.0.35-1 | |
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| f-secure | email_and_server_security | 15.00 | |
| f-secure | server_security | 15.00 | |
| microsoft | windows | - | |
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| apple | macos | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96B5DD2D-9D5C-4475-8E8D-24950C7C5E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA4ED9C-9739-435C-940E-97D6B18F217A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C9517C-5EAD-4039-A80F-934D658143DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:email_and_server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "75B976BB-2359-472B-8A70-4B854C2E6749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "96BF356E-12D9-4E39-AFAE-E7B03C8D7700",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
},
{
"lang": "es",
"value": "Ciertos productos WithSecure permiten la escalada de privilegios Locales a trav\u00e9s del controlador de descompresi\u00f3n de archivos lhz. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1."
}
],
"id": "CVE-2023-43766",
"lastModified": "2024-11-21T08:24:44.703",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-22T05:15:09.867",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn4"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-43760
Vulnerability from fkie_nvd - Published: 2023-09-22 05:15 - Updated: 2024-11-21 08:24
Severity ?
Summary
Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| f-secure | email_and_server_security | 15.00 | |
| f-secure | server_security | 15.00 | |
| microsoft | windows | - | |
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| apple | macos | - | |
| f-secure | linux_protection | 12.0 | |
| f-secure | linux_security_64 | 12.0 | |
| linux | linux_kernel | - | |
| f-secure | atlant | 1.0.35-1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:email_and_server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "75B976BB-2359-472B-8A70-4B854C2E6749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "96BF356E-12D9-4E39-AFAE-E7B03C8D7700",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96B5DD2D-9D5C-4475-8E8D-24950C7C5E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA4ED9C-9739-435C-940E-97D6B18F217A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C9517C-5EAD-4039-A80F-934D658143DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
},
{
"lang": "es",
"value": "Ciertos productos WithSecure permiten la Denegaci\u00f3n de Servicio a trav\u00e9s de un archivo PE32 difuso. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1."
}
],
"id": "CVE-2023-43760",
"lastModified": "2024-11-21T08:24:43.807",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-22T05:15:09.240",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-43767
Vulnerability from fkie_nvd - Published: 2023-09-22 05:15 - Updated: 2024-11-21 08:24
Severity ?
Summary
Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | linux_protection | 12.0 | |
| f-secure | linux_security_64 | 12.0 | |
| linux | linux_kernel | - | |
| f-secure | atlant | 1.0.35-1 | |
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| f-secure | email_and_server_security | 15.00 | |
| f-secure | server_security | 15.00 | |
| microsoft | windows | - | |
| f-secure | client_security | 15.00 | |
| f-secure | elements_endpoint_protection | * | |
| apple | macos | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96B5DD2D-9D5C-4475-8E8D-24950C7C5E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA4ED9C-9739-435C-940E-97D6B18F217A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C9517C-5EAD-4039-A80F-934D658143DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:email_and_server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "75B976BB-2359-472B-8A70-4B854C2E6749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "96BF356E-12D9-4E39-AFAE-E7B03C8D7700",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
"versionStartIncluding": "17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
},
{
"lang": "es",
"value": "Ciertos productos WithSecure permiten la Denegaci\u00f3n de Servicio a trav\u00e9s del controlador de descompresi\u00f3n del archivo aepack. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1."
}
],
"id": "CVE-2023-43767",
"lastModified": "2024-11-21T08:24:44.860",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-22T05:15:09.937",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-28887
Vulnerability from fkie_nvd - Published: 2022-10-12 18:15 - Updated: 2025-05-15 19:15
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | elements_endpoint_detection_and_response | - | |
| f-secure | elements_endpoint_protection | - | |
| apple | macos | - | |
| microsoft | windows | - | |
| f-secure | atlant | - | |
| f-secure | internet_gatekeeper | - | |
| f-secure | linux_security | - | |
| f-secure | linux_security_64 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_detection_and_response:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27EDA251-BB9B-4394-B653-145603D0EEA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7098F9BA-B2C0-4310-96D5-D0134761F7A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8AF772-E3DC-4C9B-B3E8-81103D3B7BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:-:*:*:*:*:-:*:*",
"matchCriteriaId": "716021F0-35B9-4567-838A-DAEC65A6601F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "26113C91-7FD5-4C3B-84F7-6A986CA26461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5E48AF8-57C4-4DFB-9E64-E3B3352941E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad m\u00faltiple de Denegaci\u00f3n de Servicio (DoS) en los productos F-Secure y WithSecure por la que la funci\u00f3n del administrador de desempaquetado aerdl.dll es bloqueada. Esto puede conllevar a un posible fallo del motor de escaneo"
}
],
"id": "CVE-2022-28887",
"lastModified": "2025-05-15T19:15:54.643",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-12T18:15:09.417",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-28882
Vulnerability from fkie_nvd - Published: 2022-08-23 16:15 - Updated: 2024-11-21 06:58
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | elements_endpoint_protection | * | |
| apple | macos | - | |
| microsoft | windows | - | |
| f-secure | atlant | * | |
| f-secure | cloud_protection_for_salesforce | * | |
| f-secure | elements_collaboration_protection | * | |
| f-secure | internet_gatekeeper | * | |
| f-secure | linux_security | * | |
| f-secure | linux_security_64 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFC1F94-8A8B-42E2-887B-EE8FB3C9130D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C97DC3C-1B63-4B57-8C62-ACD77D0A3E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:cloud_protection_for_salesforce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31ECCE87-B67E-4CA7-91E6-8E71CEA6DA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_collaboration_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B107FE0-0F9E-4021-917F-1224F2619339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88F6E1F2-02DA-48EE-B127-4933CCC80C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "F0152E70-F7A9-4785-8A43-78472F9A2C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:*:*:*:*:*:*:*:*",
"matchCriteriaId": "360DBC2B-2B93-461E-90C6-60C55FBD87B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en los productos F-Secure y WithSecure por la que el archivo aegen.dll entra en un bucle infinito cuando desempaqueta archivos PE. Esto conlleva finalmente a un bloqueo del motor de escaneo. La explotaci\u00f3n puede ser desencadenada remotamente por un atacante."
}
],
"id": "CVE-2022-28882",
"lastModified": "2024-11-21T06:58:07.733",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-23T16:15:10.237",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-28883
Vulnerability from fkie_nvd - Published: 2022-08-23 16:15 - Updated: 2024-11-21 06:58
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f-secure | elements_endpoint_protection | * | |
| apple | macos | - | |
| microsoft | windows | - | |
| f-secure | atlant | * | |
| f-secure | cloud_protection_for_salesforce | * | |
| f-secure | elements_collaboration_protection | * | |
| f-secure | internet_gatekeeper | * | |
| f-secure | linux_security | * | |
| f-secure | linux_security_64 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFC1F94-8A8B-42E2-887B-EE8FB3C9130D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C97DC3C-1B63-4B57-8C62-ACD77D0A3E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:cloud_protection_for_salesforce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31ECCE87-B67E-4CA7-91E6-8E71CEA6DA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:elements_collaboration_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B107FE0-0F9E-4021-917F-1224F2619339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88F6E1F2-02DA-48EE-B127-4933CCC80C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "F0152E70-F7A9-4785-8A43-78472F9A2C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:linux_security_64:*:*:*:*:*:*:*:*",
"matchCriteriaId": "360DBC2B-2B93-461E-90C6-60C55FBD87B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en los productos F-Secure y WithSecure por la que la funci\u00f3n de desempaquetado de aerdl es bloqueada. Esto puede conllevar a un posible bloqueo del motor de escaneo. La explotaci\u00f3n puede ser desencadenado remotamente por un atacante."
}
],
"id": "CVE-2022-28883",
"lastModified": "2024-11-21T06:58:07.860",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 2.5,
"source": "cve-notifications-us@f-secure.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-23T16:15:10.283",
"references": [
{
"source": "cve-notifications-us@f-secure.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-49321 (GCVE-0-2023-49321)
Vulnerability from cvelistv5 – Published: 2023-11-26 00:00 – Updated: 2024-08-02 21:53
VLAI?
Summary
Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49321"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T18:43:53.336684",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49321"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49321",
"datePublished": "2023-11-26T00:00:00",
"dateReserved": "2023-11-26T00:00:00",
"dateUpdated": "2024-08-02T21:53:45.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49322 (GCVE-0-2023-49322)
Vulnerability from cvelistv5 – Published: 2023-11-26 00:00 – Updated: 2024-08-02 21:53
VLAI?
Summary
Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:44.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49322"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T18:39:36.452985",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49322"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49322",
"datePublished": "2023-11-26T00:00:00",
"dateReserved": "2023-11-26T00:00:00",
"dateUpdated": "2024-08-02T21:53:44.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43760 (GCVE-0-2023-43760)
Vulnerability from cvelistv5 – Published: 2023-09-22 00:00 – Updated: 2024-08-02 19:52
VLAI?
Summary
Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:10.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-22T04:49:13.995951",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43760",
"datePublished": "2023-09-22T00:00:00",
"dateReserved": "2023-09-22T00:00:00",
"dateUpdated": "2024-08-02T19:52:10.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43765 (GCVE-0-2023-43765)
Vulnerability from cvelistv5 – Published: 2023-09-22 00:00 – Updated: 2024-09-25 16:24
VLAI?
Summary
Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:11.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn2"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:f-secure:linux_protection:12.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_protection",
"vendor": "f-secure",
"versions": [
{
"status": "affected",
"version": "12.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:f-secure:linux_security_64:12.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_security_64",
"vendor": "f-secure",
"versions": [
{
"status": "affected",
"version": "12.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:f-secure:atlant:1.0.35-1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "atlant",
"vendor": "f-secure",
"versions": [
{
"status": "affected",
"version": "1.0.35-1"
}
]
},
{
"cpes": [
"cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "client_security",
"vendor": "f-secure",
"versions": [
{
"status": "affected",
"version": "15.00"
}
]
},
{
"cpes": [
"cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "elements_endpoint_protection",
"vendor": "f-secure",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "17.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:f-secure:email_and_server_security:15.00:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "email_and_server_security",
"vendor": "f-secure",
"versions": [
{
"status": "affected",
"version": "15.00"
}
]
},
{
"cpes": [
"cpe:2.3:a:f-secure:server_security:15.00:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "server_security",
"vendor": "f-secure",
"versions": [
{
"status": "affected",
"version": "15.00"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-43765",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T16:02:43.697885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T16:24:55.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-22T04:48:35.966471",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43765",
"datePublished": "2023-09-22T00:00:00",
"dateReserved": "2023-09-22T00:00:00",
"dateUpdated": "2024-09-25T16:24:55.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43761 (GCVE-0-2023-43761)
Vulnerability from cvelistv5 – Published: 2023-09-22 00:00 – Updated: 2024-09-24 19:39
VLAI?
Summary
Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:10.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-43761",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T19:33:48.651605Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T19:39:07.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-22T04:49:02.196969",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43761",
"datePublished": "2023-09-22T00:00:00",
"dateReserved": "2023-09-22T00:00:00",
"dateUpdated": "2024-09-24T19:39:07.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43767 (GCVE-0-2023-43767)
Vulnerability from cvelistv5 – Published: 2023-09-22 00:00 – Updated: 2024-09-25 13:16
VLAI?
Summary
Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:11.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T13:15:09.025818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T13:16:39.473Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-22T04:48:01.497108",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43767",
"datePublished": "2023-09-22T00:00:00",
"dateReserved": "2023-09-22T00:00:00",
"dateUpdated": "2024-09-25T13:16:39.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43766 (GCVE-0-2023-43766)
Vulnerability from cvelistv5 – Published: 2023-09-22 00:00 – Updated: 2024-09-25 13:17
VLAI?
Summary
Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:11.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43766",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T13:17:40.400087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T13:17:56.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-22T04:48:16.805399",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn4"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43766",
"datePublished": "2023-09-22T00:00:00",
"dateReserved": "2023-09-22T00:00:00",
"dateUpdated": "2024-09-25T13:17:56.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28887 (GCVE-0-2022-28887)
Vulnerability from cvelistv5 – Published: 2022-10-12 00:00 – Updated: 2025-05-15 18:26
VLAI?
Summary
Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash.
Severity ?
4.3 (Medium)
CWE
- Multiple Denial-of-Service (DoS) vulnerability
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:10:56.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-28887",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T18:26:24.456869Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T18:26:27.910Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper",
"vendor": "F-Secure and WithSecure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple Denial-of-Service (DoS) vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-12T00:00:00.000Z",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-09-26_09"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Multiple Denial of Service Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28887",
"datePublished": "2022-10-12T00:00:00.000Z",
"dateReserved": "2022-04-08T00:00:00.000Z",
"dateUpdated": "2025-05-15T18:26:27.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28883 (GCVE-0-2022-28883)
Vulnerability from cvelistv5 – Published: 2022-08-23 15:54 – Updated: 2024-08-03 06:03
VLAI?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker.
Severity ?
CWE
- Denial of Service Vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
WithSecure & F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"vendor": "F-Secure and WithSecure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"credits": [
{
"lang": "en",
"value": "WithSecure \u0026 F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention"
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T15:54:14",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-08-10_06"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28883",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure and WithSecure"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "WithSecure \u0026 F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-08-10_06"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28883",
"datePublished": "2022-08-23T15:54:14",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28882 (GCVE-0-2022-28882)
Vulnerability from cvelistv5 – Published: 2022-08-23 15:54 – Updated: 2024-08-03 06:03
VLAI?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker.
Severity ?
4.3 (Medium)
CWE
- Denial of Service Vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
WithSecure & F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"vendor": "F-Secure and WithSecure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"credits": [
{
"lang": "en",
"value": "WithSecure \u0026 F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention"
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T15:54:02",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-08-10_06"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28882",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure and WithSecure"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "WithSecure \u0026 F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-08-10_06"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28882",
"datePublished": "2022-08-23T15:54:02",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49321 (GCVE-0-2023-49321)
Vulnerability from nvd – Published: 2023-11-26 00:00 – Updated: 2024-08-02 21:53
VLAI?
Summary
Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49321"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T18:43:53.336684",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49321"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49321",
"datePublished": "2023-11-26T00:00:00",
"dateReserved": "2023-11-26T00:00:00",
"dateUpdated": "2024-08-02T21:53:45.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49322 (GCVE-0-2023-49322)
Vulnerability from nvd – Published: 2023-11-26 00:00 – Updated: 2024-08-02 21:53
VLAI?
Summary
Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:44.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49322"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T18:39:36.452985",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49322"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49322",
"datePublished": "2023-11-26T00:00:00",
"dateReserved": "2023-11-26T00:00:00",
"dateUpdated": "2024-08-02T21:53:44.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43760 (GCVE-0-2023-43760)
Vulnerability from nvd – Published: 2023-09-22 00:00 – Updated: 2024-08-02 19:52
VLAI?
Summary
Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:10.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-22T04:49:13.995951",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43760",
"datePublished": "2023-09-22T00:00:00",
"dateReserved": "2023-09-22T00:00:00",
"dateUpdated": "2024-08-02T19:52:10.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43765 (GCVE-0-2023-43765)
Vulnerability from nvd – Published: 2023-09-22 00:00 – Updated: 2024-09-25 16:24
VLAI?
Summary
Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:11.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn2"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:f-secure:linux_protection:12.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_protection",
"vendor": "f-secure",
"versions": [
{
"status": "affected",
"version": "12.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:f-secure:linux_security_64:12.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_security_64",
"vendor": "f-secure",
"versions": [
{
"status": "affected",
"version": "12.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:f-secure:atlant:1.0.35-1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "atlant",
"vendor": "f-secure",
"versions": [
{
"status": "affected",
"version": "1.0.35-1"
}
]
},
{
"cpes": [
"cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "client_security",
"vendor": "f-secure",
"versions": [
{
"status": "affected",
"version": "15.00"
}
]
},
{
"cpes": [
"cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "elements_endpoint_protection",
"vendor": "f-secure",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "17.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:f-secure:email_and_server_security:15.00:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "email_and_server_security",
"vendor": "f-secure",
"versions": [
{
"status": "affected",
"version": "15.00"
}
]
},
{
"cpes": [
"cpe:2.3:a:f-secure:server_security:15.00:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "server_security",
"vendor": "f-secure",
"versions": [
{
"status": "affected",
"version": "15.00"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-43765",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T16:02:43.697885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T16:24:55.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-22T04:48:35.966471",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43765",
"datePublished": "2023-09-22T00:00:00",
"dateReserved": "2023-09-22T00:00:00",
"dateUpdated": "2024-09-25T16:24:55.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43761 (GCVE-0-2023-43761)
Vulnerability from nvd – Published: 2023-09-22 00:00 – Updated: 2024-09-24 19:39
VLAI?
Summary
Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:10.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-43761",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T19:33:48.651605Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T19:39:07.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-22T04:49:02.196969",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43761",
"datePublished": "2023-09-22T00:00:00",
"dateReserved": "2023-09-22T00:00:00",
"dateUpdated": "2024-09-24T19:39:07.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43767 (GCVE-0-2023-43767)
Vulnerability from nvd – Published: 2023-09-22 00:00 – Updated: 2024-09-25 13:16
VLAI?
Summary
Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:11.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T13:15:09.025818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T13:16:39.473Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-22T04:48:01.497108",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43767",
"datePublished": "2023-09-22T00:00:00",
"dateReserved": "2023-09-22T00:00:00",
"dateUpdated": "2024-09-25T13:16:39.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43766 (GCVE-0-2023-43766)
Vulnerability from nvd – Published: 2023-09-22 00:00 – Updated: 2024-09-25 13:17
VLAI?
Summary
Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:11.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43766",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T13:17:40.400087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T13:17:56.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-22T04:48:16.805399",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn4"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43766",
"datePublished": "2023-09-22T00:00:00",
"dateReserved": "2023-09-22T00:00:00",
"dateUpdated": "2024-09-25T13:17:56.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28887 (GCVE-0-2022-28887)
Vulnerability from nvd – Published: 2022-10-12 00:00 – Updated: 2025-05-15 18:26
VLAI?
Summary
Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash.
Severity ?
4.3 (Medium)
CWE
- Multiple Denial-of-Service (DoS) vulnerability
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:10:56.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-28887",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T18:26:24.456869Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T18:26:27.910Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper",
"vendor": "F-Secure and WithSecure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple Denial-of-Service (DoS) vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-12T00:00:00.000Z",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-09-26_09"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Multiple Denial of Service Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28887",
"datePublished": "2022-10-12T00:00:00.000Z",
"dateReserved": "2022-04-08T00:00:00.000Z",
"dateUpdated": "2025-05-15T18:26:27.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28883 (GCVE-0-2022-28883)
Vulnerability from nvd – Published: 2022-08-23 15:54 – Updated: 2024-08-03 06:03
VLAI?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker.
Severity ?
CWE
- Denial of Service Vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
WithSecure & F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"vendor": "F-Secure and WithSecure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"credits": [
{
"lang": "en",
"value": "WithSecure \u0026 F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention"
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T15:54:14",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-08-10_06"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28883",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure and WithSecure"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "WithSecure \u0026 F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-08-10_06"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28883",
"datePublished": "2022-08-23T15:54:14",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28882 (GCVE-0-2022-28882)
Vulnerability from nvd – Published: 2022-08-23 15:54 – Updated: 2024-08-03 06:03
VLAI?
Summary
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker.
Severity ?
4.3 (Medium)
CWE
- Denial of Service Vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
WithSecure & F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"vendor": "F-Secure and WithSecure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"credits": [
{
"lang": "en",
"value": "WithSecure \u0026 F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention"
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T15:54:02",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-08-10_06"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service (DoS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28882",
"STATE": "PUBLIC",
"TITLE": "Denial-of-Service (DoS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection products for Windows \u0026 Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure and WithSecure"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "WithSecure \u0026 F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure \u0026 WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-08-10_06"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28882",
"datePublished": "2022-08-23T15:54:02",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}