F Secure
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any F Secure product.
RSS Feeds for F Secure security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in F Secure products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by F Secure Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2026 there have been 0 vulnerabilities in F Secure. F Secure did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 7.80 |
| 2023 | 7 | 7.23 |
| 2022 | 28 | 6.56 |
| 2021 | 16 | 5.58 |
| 2020 | 1 | 0.00 |
| 2019 | 1 | 7.80 |
| 2018 | 3 | 6.10 |
It may take a day or so for new F Secure vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent F Secure Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2024-7240 | Nov 22, 2024 |
F-Secure Total LP Elevation via WithSecure PLH SymlinkF-Secure Total Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of F-Secure Total. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the WithSecure plugin hosting service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23005. |
Total
|
| CVE-2023-49321 | Nov 27, 2023 |
WithSecure Security Suite DOS via Crafted File | 12.0 / 15+Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1. |
Atlant
|
| CVE-2023-49322 | Nov 27, 2023 |
WithSecure products DoS via unpack handler crash (v15+, 17+)Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1. |
Atlant
|
| CVE-2023-43760 | Sep 22, 2023 |
Denial of Service via fuzzed PE32 file in WithSecure products (v15/v17+)Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. |
Atlant
|
| CVE-2023-43761 | Sep 22, 2023 |
WithSecure Elements EP 17+ DoS (CVE-2023-43761)Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. |
Atlant
|
| CVE-2023-43765 | Sep 22, 2023 |
WithSecure AEELF Denial of Service in Client, Server, Email, Elements (v15+)Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. |
Atlant
|
| CVE-2023-43766 | Sep 22, 2023 |
Local Priv Esc via LHZ Unpack Handler in WithSecure 15/17/12.0/1.0.35-1Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. |
Atlant
|
| CVE-2023-43767 | Sep 22, 2023 |
WithSecure Products Denial of Service via aepack archive unpack handlerCertain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. |
Atlant
|
| CVE-2022-47524 | Dec 23, 2022 |
F-Secure SAFE Browser 19.1 IDN Homograph Attack (pre-19.2)F-Secure SAFE Browser 19.1 before 19.2 for Android allows an IDN homograph attack. |
Safe
|
| CVE-2022-45871 | Dec 13, 2022 |
DoS in WithSecure fsicapd ICAP ParserA Denial-of-Service (DoS) vulnerability was discovered in the fsicapd component used in WithSecure products whereby the service may crash while parsing ICAP request. The exploit can be triggered remotely by an attacker. |
Atlant
|
| CVE-2022-38166 | Nov 25, 2022 |
F-Secure Endpoint Protection aerdl.dll Crash (CVE-2022-38166)In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service. |
Elements Endpoint Protection
|
| CVE-2022-38164 | Nov 07, 2022 |
URL Spoofing in F-Secure SAFE Browser via Malicious WebpageA vulnerability affecting F-Secure SAFE browser for Android and iOS was discovered. A maliciously crafted website could make a phishing attack with URL spoofing as the browser only display certain part of the entire URL. |
Safe
|
| CVE-2022-38163 | Nov 07, 2022 |
Drag/Drop Spoof in F-Secure SAFE Browser <=19.0 (Android / iOS)A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. Drag and drop operation by user on address bar could lead to a spoofing of the address bar. |
Safe
|
| CVE-2022-28887 | Oct 12, 2022 |
F-Secure/WithSecure aerdl.dll Unpacker Crash DoSMultiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash. |
Atlant
Internet Gatekeeper
Linux Security
And others... |
| CVE-2022-28886 | Sep 23, 2022 |
DoS via infinite loop in aerdl.dll of WithSecure & FSecureA Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine |
Internet Gatekeeper
Linux Security
Cloud Protection Salesforce
And others... |
| CVE-2022-28884 | Sep 06, 2022 |
F-Secure/WithSecure aerdl.dll DoS via PE unpacking infinite loopA Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine. |
Internet Gatekeeper
Linux Security
|
| CVE-2022-28885 | Sep 06, 2022 |
WithSecure fsicapd DoS via parsing crashA Denial-of-Service (DoS) vulnerability was discovered in the fsicapd component used in WithSecure products whereby the service may crash while parsing the scanning request. |
Atlant
Linux Security
|
| CVE-2022-28882 | Aug 23, 2022 |
F-Secure/WithSecure aegen.dll DoS via PE Unpack InfLoopA Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker. |
Atlant
Internet Gatekeeper
Linux Security
And others... |
| CVE-2022-28883 | Aug 23, 2022 |
DoS via aerdl Unpack Crashes FSecure/WithSecure Scan EngineA Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker. |
Atlant
Internet Gatekeeper
Linux Security
And others... |
| CVE-2022-28881 | Aug 10, 2022 |
DoS via aerdl.dll Crash in F-Secure AtlantA Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain WithSecure products unpacker function crashes which leads to scanning engine crash. The exploit can be triggered remotely by an attacker. |
Atlant
Internet Gatekeeper
Linux Security
And others... |
| CVE-2022-28880 | Aug 05, 2022 |
F-Secure Atlant Remote DoS via PE32 Fuzzed Scan CrashA Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The exploit can be triggered remotely by an attacker. |
Atlant
Internet Gatekeeper
Linux Security
And others... |
| CVE-2022-28878 | Jul 22, 2022 |
A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed APK file it is possibleA Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed APK file it is possible that can crash the scanning engine. |
Cloud Protection Salesforce
Atlant
Internet Gatekeeper
And others... |
| CVE-2022-28879 | Jul 22, 2022 |
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the sA Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aepack.dll component can crash the scanning engine. |
Cloud Protection Salesforce
Atlant
Internet Gatekeeper
And others... |
| CVE-2022-28876 | Jul 14, 2022 |
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the sA Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aeheur.dll component can crash the scanning engine. The exploit can be triggered remotely by an attacker. |
Atlant
Linux Security
Internet Gatekeeper
And others... |
| CVE-2022-28875 | May 25, 2022 |
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the sA Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker. |
Linux Security
Cloud Protection Salesforce
Atlant
And others... |
| CVE-2022-28872 | May 12, 2022 |
A vulnerability affecting F-Secure SAFE browser was discoveredA vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails in a loop. |
Safe
|
| CVE-2022-28873 | May 12, 2022 |
A vulnerability affecting F-Secure SAFE browser was discoveredA vulnerability affecting F-Secure SAFE browser was discovered. An attacker can potentially exploit Javascript window.open functionality in SAFE Browser which could lead address bar spoofing attacks. |
Safe
|
| CVE-2022-28871 | Apr 25, 2022 |
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the fsicapd component used in certain F-Secure products while sA Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the fsicapd component used in certain F-Secure products while scanning larger packages/fuzzed files consume too much memory eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker. |
Atlant
|
| CVE-2022-28868 | Apr 15, 2022 |
An Address bar spoofing vulnerability was discovered in Safe Browser for AndroidAn Address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted malicious webpage/URL, user may be tricked for a short period of time (until the page loads) to think content may be coming from a valid domain, while the content comes from the attacker controlled site. |
Safe
|
| CVE-2022-28869 | Apr 15, 2022 |
A vulnerability affecting F-Secure SAFE browser was discoveredA vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the browser did not show full URL, such as port number. |
Safe
|
| CVE-2022-28870 | Apr 15, 2022 |
A vulnerability affecting F-Secure SAFE browser was discoveredA vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails. |
Safe
|
| CVE-2021-44751 | Mar 25, 2022 |
A vulnerability affecting F-Secure SAFE browser was discoveredA vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most modern Android OS, dialer application will require user interaction, however, some older Android OS may not need user interaction. |
Safe
|
| CVE-2021-44748 | Mar 06, 2022 |
A vulnerability affecting F-Secure SAFE browser was discovered whereby browsers loads images automatically this vulnerabilityA vulnerability affecting F-Secure SAFE browser was discovered whereby browsers loads images automatically this vulnerability can be exploited remotely by an attacker to execute the JavaScript can be used to trigger universal cross-site scripting through the browser. User interaction is required prior to exploitation, such as entering a malicious website to trigger the vulnerability. |
Safe
|
| CVE-2021-44749 | Mar 06, 2022 |
A vulnerability affecting F-Secure SAFE browser protection was discovered improper URL handlingA vulnerability affecting F-Secure SAFE browser protection was discovered improper URL handling can be triggered to cause universal cross-site scripting through browsing protection in a SAFE web browser. User interaction is required prior to exploitation. A successful exploitation may lead to arbitrary code execution. |
Safe
|
| CVE-2021-44747 | Mar 01, 2022 |
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure productsA Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. |
Atlant
Elements Endpoint Protection
Internet Gatekeeper
And others... |
| CVE-2021-40837 | Feb 09, 2022 |
A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the sA vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. |
Atlant
Internet Gatekeeper
Linux Security
And others... |
| CVE-2021-40836 | Dec 22, 2021 |
A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-serviceA vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. |
Atlant
Internet Gatekeeper
Linux Security
And others... |
| CVE-2021-40835 | Dec 16, 2021 |
An URL Address bar spoofing vulnerability was discovered in Safe Browser for iOSAn URL Address bar spoofing vulnerability was discovered in Safe Browser for iOS. When user clicks on a specially crafted a malicious URL, if user does not carefully pay attention to url, user may be tricked to think content may be coming from a valid domain, while it comes from another. This is performed by using a very long username part of the url so that user cannot see the domain name. A remote attacker can leverage this to perform url address bar spoofing attack. The fix is, browser no longer shows the user name part in address bar. |
Safe
|
| CVE-2021-40834 | Dec 10, 2021 |
A user interface overlay vulnerability was discovered in F-secure SAFE Browser for AndroidA user interface overlay vulnerability was discovered in F-secure SAFE Browser for Android. When user click on a specially crafted seemingly legitimate URL SAFE browser goes into full screen and hides the user interface. A remote attacker can leverage this to perform spoofing attack. |
Safe
|
| CVE-2021-40833 | Nov 26, 2021 |
A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-serviceA vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. |
Atlant
Internet Gatekeeper
Linux Security
And others... |
| CVE-2021-40832 | Oct 08, 2021 |
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure productsA Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. |
Atlant
Cloud Protection Salesforce
Elements For Microsoft 365
And others... |
| CVE-2021-33603 | Oct 08, 2021 |
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure productsA Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. |
Atlant
Cloud Protection Salesforce
Elements For Microsoft 365
And others... |
| CVE-2021-33602 | Oct 06, 2021 |
A vulnerability affecting the F-Secure Antivirus engine was discovered when the engine tries to unpack a zip archive (LZW decompression method), and thisA vulnerability affecting the F-Secure Antivirus engine was discovered when the engine tries to unpack a zip archive (LZW decompression method), and this can crash the scanning engine. The vulnerability can be exploited remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. |
Atlant
Cloud Protection
Internet Gatekeeper
And others... |
| CVE-2021-33600 | Sep 28, 2021 |
A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet GatekeeperA denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. A successful exploitation could lead to a denial-of-service of the product. |
Internet Gatekeeper
|
| CVE-2021-33601 | Sep 28, 2021 |
A vulnerability was discovered in the web user interface of F-Secure Internet GatekeeperA vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings through the web user interface in a way that could lead to an arbitrary code execution on the F-Secure Internet Gatekeeper server. |
Internet Gatekeeper
|
| CVE-2021-33599 | Sep 07, 2021 |
A vulnerability affecting F-Secure Antivirus engine was discovered whereby sA vulnerability affecting F-Secure Antivirus engine was discovered whereby scanning WIM archive file can lead to denial-of-service (infinite loop and freezes AV engine scanner). The vulnerability can be exploit remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine. |
Atlant
Cloud Protection Salesforce
Linux Security
And others... |
| CVE-2021-33598 | Aug 23, 2021 |
A Denial-of-Service (DoS) vulnerability was discovered in all versions of F-Secure Atlant whereby the SAVAPI component used in certain F-Secure productsA Denial-of-Service (DoS) vulnerability was discovered in all versions of F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. |
Atlant
Linux Security
|
| CVE-2021-33594 | Aug 11, 2021 |
An address bar spoofing vulnerability was discovered in Safe Browser for AndroidAn address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A remote attacker can leverage this to perform address bar spoofing attack. |
Safe
|
| CVE-2021-33595 | Aug 11, 2021 |
A address bar spoofing vulnerability was discovered in Safe Browser for iOSA address bar spoofing vulnerability was discovered in Safe Browser for iOS. Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. A remote attacker can leverage this to perform address bar spoofing attack. |
Safe
|
| CVE-2021-33597 | Aug 05, 2021 |
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure productsA Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. |
Client Security
Linux Security
|