Refine your search
20 vulnerabilities found for Server Security by ESET
CERTFR-2025-AVI-0727
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits ESET. Elles permettent à un attaquant de provoquer un déni de service à distance et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| ESET | Server Security | Server Security pour Windows Server (anciennement File Security pour Microsoft Windows Server) sans le dernier correctif de sécurité | ||
| ESET | Mail Security | Mail Security pour Microsoft Exchange Server sans le dernier correctif de sécurité | ||
| ESET | File Security | File Security pour Microsoft Azure sans le dernier correctif de sécurité | ||
| ESET | PROTECT On-Prem | PROTECT On-Prem versions 12.1.x antérieures à 12.1.11.0 | ||
| ESET | Security Ultimate | Security Ultimate sans le dernier correctif de sécurité | ||
| ESET | Endpoint Antivirus | Endpoint Antivirus pour Windows sans le dernier correctif de sécurité | ||
| ESET | Endpoint Security | Endpoint Security pour Windows sans le dernier correctif de sécurité | ||
| ESET | Security | Security pour Microsoft SharePoint Server sans le dernier correctif de sécurité | ||
| ESET | Safe Server | Safe Server sans le dernier correctif de sécurité | ||
| ESET | Small Business Security | Small Business Security sans le dernier correctif de sécurité | ||
| ESET | PROTECT On-Prem | PROTECT On-Prem versions 11.1.x antérieures à 11.1.18.0 | ||
| ESET | Smart Security Premium | Smart Security Premium sans le dernier correctif de sécurité | ||
| ESET | NOD32 Antivirus | NOD32 Antivirus sans le dernier correctif de sécurité | ||
| ESET | PROTECT On-Prem | PROTECT On-Prem versions 12.0.x antérieures à 12.0.15.0 | ||
| ESET | Mail Security | Mail Security pour IBM Domino sans le dernier correctif de sécurité | ||
| ESET | Internet Security | Internet Security sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Server Security pour Windows Server (anciennement File Security pour Microsoft Windows Server) sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Mail Security pour Microsoft Exchange Server sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Mail Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "File Security pour Microsoft Azure sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "File Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "PROTECT On-Prem versions 12.1.x ant\u00e9rieures \u00e0 12.1.11.0",
"product": {
"name": "PROTECT On-Prem",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Security Ultimate sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Security Ultimate",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Endpoint Antivirus pour Windows sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Endpoint Antivirus",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Endpoint Security pour Windows sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Endpoint Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Security pour Microsoft SharePoint Server sans le dernier correctif de s\u00e9curit\u00e9\n\n",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Safe Server sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Safe Server",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Small Business Security sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Small Business Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "PROTECT On-Prem versions 11.1.x ant\u00e9rieures \u00e0 11.1.18.0",
"product": {
"name": "PROTECT On-Prem",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Smart Security Premium sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Smart Security Premium",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "NOD32 Antivirus sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NOD32 Antivirus",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "PROTECT On-Prem versions 12.0.x ant\u00e9rieures \u00e0 12.0.15.0",
"product": {
"name": "PROTECT On-Prem",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Mail Security pour IBM Domino sans le dernier correctif de s\u00e9curit\u00e9\n",
"product": {
"name": "Mail Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Internet Security sans le dernier correctif de s\u00e9curit\u00e9\n",
"product": {
"name": "Internet Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-8352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8352"
},
{
"name": "CVE-2025-4952",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4952"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
}
],
"initial_release_date": "2025-08-25T00:00:00",
"last_revision_date": "2025-08-25T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0727",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits ESET. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits ESET",
"vendor_advisories": [
{
"published_at": "2025-08-21",
"title": "Bulletin de s\u00e9curit\u00e9 ESET ca8854",
"url": "https://support-feed.eset.com/link/15370/17124579/ca8854"
},
{
"published_at": "2025-08-21",
"title": "Bulletin de s\u00e9curit\u00e9 ESET ca8853",
"url": "https://support-feed.eset.com/link/15370/17124580/ca8853"
}
]
}
CERTFR-2025-AVI-0623
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits ESET. Elles permettent à un attaquant de provoquer une élévation de privilèges et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| ESET | Endpoint Security | Endpoint Security versions antérieures à 11.1.2062.0 pour Windows | ||
| ESET | Small Business Security | Small Business Security versions antérieures à 18.2.14.0 | ||
| ESET | Security | Security versions 11.x antérieures à 11.1.15005.0 pour Microsoft SharePoint Server | ||
| ESET | Mail Security | Mail Security versions 11.x antérieures à 11.1.10013 pour Microsoft Exchange Server | ||
| ESET | Internet Security | Internet Security versions antérieures à 18.2.14.0 | ||
| ESET | Server Security | Server Security versions 12.x antérieures à 12.0.12005.0 pour Windows | ||
| ESET | Smart Security Premium | Smart Security Premium versions antérieures à 18.2.14.0 | ||
| ESET | Security | Security versions 12.x antérieures à 12.0.15005.0 pour Microsoft SharePoint Server | ||
| ESET | Safe Server | Safe Server versions antérieures à 18.2.14.0 | ||
| ESET | Security Ultimate | Security Ultimate versions antérieures à 18.2.14.0 | ||
| ESET | Server Security | Server Security versions 11.x antérieures à 11.1.12013.0 pour Windows | ||
| ESET | Mail Security | Mail Security versions 12.x antérieures à 12.0.10004.0 pour Microsoft Exchange Server | ||
| ESET | Endpoint Antivirus | Endpoint Antivirus versions antérieures à 12.0.2058.0 pour Windows | ||
| ESET | NOD32 Antivirus | NOD32 Antivirus versions antérieures à 18.2.14.0 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Endpoint Security versions ant\u00e9rieures \u00e0 11.1.2062.0 pour Windows",
"product": {
"name": "Endpoint Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Small Business Security versions ant\u00e9rieures \u00e0 18.2.14.0",
"product": {
"name": "Small Business Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Security versions 11.x ant\u00e9rieures \u00e0 11.1.15005.0 pour Microsoft SharePoint Server",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Mail Security versions 11.x ant\u00e9rieures \u00e0 11.1.10013 pour Microsoft Exchange Server",
"product": {
"name": "Mail Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Internet Security versions ant\u00e9rieures \u00e0 18.2.14.0",
"product": {
"name": "Internet Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Server Security versions 12.x ant\u00e9rieures \u00e0 12.0.12005.0 pour Windows",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Smart Security Premium versions ant\u00e9rieures \u00e0 18.2.14.0",
"product": {
"name": "Smart Security Premium",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Security versions 12.x ant\u00e9rieures \u00e0 12.0.15005.0 pour Microsoft SharePoint Server",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Safe Server versions ant\u00e9rieures \u00e0 18.2.14.0",
"product": {
"name": "Safe Server",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Security Ultimate versions ant\u00e9rieures \u00e0 18.2.14.0",
"product": {
"name": "Security Ultimate",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Server Security versions 11.x ant\u00e9rieures \u00e0 11.1.12013.0 pour Windows",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Mail Security versions 12.x ant\u00e9rieures \u00e0 12.0.10004.0 pour Microsoft Exchange Server",
"product": {
"name": "Mail Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Endpoint Antivirus versions ant\u00e9rieures \u00e0 12.0.2058.0 pour Windows",
"product": {
"name": "Endpoint Antivirus",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "NOD32 Antivirus versions ant\u00e9rieures \u00e0 18.2.14.0",
"product": {
"name": "NOD32 Antivirus",
"vendor": {
"name": "ESET",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-5028",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5028"
},
{
"name": "CVE-2025-2425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2425"
}
],
"initial_release_date": "2025-07-25T00:00:00",
"last_revision_date": "2025-07-25T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0623",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits ESET. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits ESET",
"vendor_advisories": [
{
"published_at": "2025-07-16",
"title": "Bulletin de s\u00e9curit\u00e9 ESET ca8840",
"url": "https://support-feed.eset.com/link/15370/17103529/ca8840"
},
{
"published_at": "2025-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 ESET ca8838",
"url": "https://support-feed.eset.com/link/15370/17103530/ca8838"
}
]
}
CERTFR-2025-AVI-0280
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits ESET. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| ESET | Smart Security Premium | Smart Security Premium versions antériéures à 18.1.10.0 | ||
| ESET | Server Security | Server Security versions antérieures à 11.1.12009.0 pour Windows Server | ||
| ESET | NOD32 Antivirus | NOD32 Antivirus versions antériéures à 18.1.10.0 | ||
| ESET | Internet Security | Internet Security versions antériéures à 18.1.10.0 | ||
| ESET | Endpoint Security | Endpoint Security versions antérieures à 12.0.2045.0 | ||
| ESET | Endpoint Antivirus | Endpoint Antivirus versions antérieures à 12.0.2045.0 | ||
| ESET | Mail Security | Mail Security versions antérieures à 11.1.10011.0, 11.0.10010.0 et 10.1.10017.0 pour Microsoft Exchange Server | ||
| ESET | Security Ultimate | Security Ultimate versions antériéures à 18.1.10.0 | ||
| ESET | Endpoint Antivirus | Endpoint Antivirus versions antérieures à 11.1.2059.0 | ||
| ESET | Security | Security versions antérieures à 11.1.15003.0, 11.0.15007.0, 10.0.15008.0 pour Microsoft SharePoint Server | ||
| ESET | Safe Server | ESET Safe Server versions antérieures à 18.1.10.0 | ||
| ESET | Endpoint Security | Endpoint Security versions antérieures à 11.1.2059.0 | ||
| ESET | Small Business Security | Small Business Security versions antérieures à 18.1.10.0 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Smart Security Premium versions ant\u00e9ri\u00e9ures \u00e0 18.1.10.0",
"product": {
"name": "Smart Security Premium",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Server Security versions ant\u00e9rieures \u00e0 11.1.12009.0 pour Windows Server",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "NOD32 Antivirus versions ant\u00e9ri\u00e9ures \u00e0 18.1.10.0",
"product": {
"name": "NOD32 Antivirus",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Internet Security versions ant\u00e9ri\u00e9ures \u00e0 18.1.10.0",
"product": {
"name": "Internet Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Endpoint Security versions ant\u00e9rieures \u00e0 12.0.2045.0",
"product": {
"name": "Endpoint Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Endpoint Antivirus versions ant\u00e9rieures \u00e0 12.0.2045.0",
"product": {
"name": "Endpoint Antivirus",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Mail Security versions ant\u00e9rieures \u00e0 11.1.10011.0, 11.0.10010.0 et 10.1.10017.0 pour Microsoft Exchange Server",
"product": {
"name": "Mail Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Security Ultimate versions ant\u00e9ri\u00e9ures \u00e0 18.1.10.0",
"product": {
"name": "Security Ultimate",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Endpoint Antivirus versions ant\u00e9rieures \u00e0 11.1.2059.0",
"product": {
"name": "Endpoint Antivirus",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Security versions ant\u00e9rieures \u00e0 11.1.15003.0, 11.0.15007.0, 10.0.15008.0 pour Microsoft SharePoint Server",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Safe Server versions ant\u00e9rieures \u00e0 18.1.10.0",
"product": {
"name": "Safe Server",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Endpoint Security versions ant\u00e9rieures \u00e0 11.1.2059.0",
"product": {
"name": "Endpoint Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Small Business Security versions ant\u00e9rieures \u00e0 18.1.10.0",
"product": {
"name": "Small Business Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-11859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11859"
}
],
"initial_release_date": "2025-04-07T00:00:00",
"last_revision_date": "2025-04-07T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0280",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits ESET. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits ESET",
"vendor_advisories": [
{
"published_at": "2025-04-04",
"title": "Bulletin de s\u00e9curit\u00e9 ESET CA8810",
"url": "https://support-feed.eset.com/link/15370/16999046/ca8810"
}
]
}
CERTFR-2024-AVI-0801
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits ESET. Elles permettent à un attaquant de provoquer une élévation de privilèges et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| ESET | Safe Server | ESET Safe Server sans le correctif de sécurité Cleaner module 1251 | ||
| ESET | Small Business Security | ESET Small Business Security sans le correctif de sécurité Cleaner module 1251 | ||
| ESET | Security Ultimate | ESET Security Ultimate sans le correctif de sécurité Cleaner module 1251 | ||
| ESET | Endpoint Security | ESET Endpoint Security sans le correctif de sécurité Cleaner module 1251 pour Windows | ||
| ESET | File Security | ESET File Security sans le correctif de sécurité Cleaner module 1251 pour Microsoft Azure | ||
| ESET | NOD32 Antivirus | ESET NOD32 Antivirus sans le correctif de sécurité Cleaner module 1251 | ||
| ESET | Internet Security | ESET Internet Security sans le correctif de sécurité Cleaner module 1251 | ||
| ESET | Mail Security | ESET Mail Security sans le correctif de sécurité Cleaner module 1251 pour Microsoft Exchange Server et IBM Domino | ||
| ESET | Smart Security Premium | ESET Smart Security Premium sans le correctif de sécurité Cleaner module 1251 | ||
| ESET | Server Security | ESET Server Security sans le correctif de sécurité Cleaner module 1251 pour Windows Server | ||
| ESET | Endpoint Security | ESET Endpoint Security versions antérieures à 8.0.7200.0 pour macOS | ||
| ESET | Cyber Security | ESET Cyber Security versions antérieures à 7.5.74.0 | ||
| ESET | Endpoint Antivirus | ESET Endpoint Antivirus sans le correctif de sécurité Cleaner module 1251 | ||
| ESET | Security | ESET Security sans le correctif de sécurité Cleaner module 1251 pour Microsoft SharePoint Server |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ESET Safe Server sans le correctif de s\u00e9curit\u00e9 Cleaner module 1251",
"product": {
"name": "Safe Server",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Small Business Security sans le correctif de s\u00e9curit\u00e9 Cleaner module 1251",
"product": {
"name": "Small Business Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Security Ultimate sans le correctif de s\u00e9curit\u00e9 Cleaner module 1251",
"product": {
"name": "Security Ultimate",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Endpoint Security sans le correctif de s\u00e9curit\u00e9 Cleaner module 1251 pour Windows",
"product": {
"name": "Endpoint Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET File Security sans le correctif de s\u00e9curit\u00e9 Cleaner module 1251 pour Microsoft Azure",
"product": {
"name": "File Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET NOD32 Antivirus sans le correctif de s\u00e9curit\u00e9 Cleaner module 1251",
"product": {
"name": "NOD32 Antivirus",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Internet Security sans le correctif de s\u00e9curit\u00e9 Cleaner module 1251",
"product": {
"name": "Internet Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Mail Security sans le correctif de s\u00e9curit\u00e9 Cleaner module 1251 pour Microsoft Exchange Server et IBM Domino ",
"product": {
"name": "Mail Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Smart Security Premium sans le correctif de s\u00e9curit\u00e9 Cleaner module 1251",
"product": {
"name": "Smart Security Premium",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Server Security sans le correctif de s\u00e9curit\u00e9 Cleaner module 1251 pour Windows Server",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Endpoint Security versions ant\u00e9rieures \u00e0 8.0.7200.0 pour macOS ",
"product": {
"name": "Endpoint Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Cyber Security versions ant\u00e9rieures \u00e0 7.5.74.0 ",
"product": {
"name": "Cyber Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Endpoint Antivirus sans le correctif de s\u00e9curit\u00e9 Cleaner module 1251",
"product": {
"name": "Endpoint Antivirus",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Security sans le correctif de s\u00e9curit\u00e9 Cleaner module 1251 pour Microsoft SharePoint Server",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-6654",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6654"
},
{
"name": "CVE-2024-7400",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7400"
}
],
"initial_release_date": "2024-09-23T00:00:00",
"last_revision_date": "2024-09-23T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0801",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits ESET. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits ESET",
"vendor_advisories": [
{
"published_at": "2024-09-20",
"title": "Bulletin de s\u00e9curit\u00e9 ESET ca8725",
"url": "https://support-feed.eset.com/link/15370/16815452/ca8725"
},
{
"published_at": "2024-09-20",
"title": "Bulletin de s\u00e9curit\u00e9 ESET ca8726",
"url": "https://support-feed.eset.com/link/15370/16815451/ca8726"
}
]
}
CERTFR-2024-AVI-0581
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits ESET. Elle permet à un attaquant de provoquer une atteinte à l'intégrité des données et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| ESET | Smart Security Premium | ESET Smart Security Premium versions antérieures à 17.2.7.0 | ||
| ESET | Mail Security | ESET Mail Security versions antérieures à 11.0.10008.0 pour Microsoft Exchange Server | ||
| ESET | Security | ESET Security versions antérieures à 11.0.15004.0 pour Microsoft SharePoint Server | ||
| ESET | Server Security | ESET Server Security versions antérieures à 11.0.12012.0 pour Windows Server | ||
| ESET | Endpoint Antivirus | ESET Endpoint Antivirus versions antérieures à 11.1.2039.0 pour Windows | ||
| ESET | Security Ultimate | ESET Security Ultimate versions antérieures à 17.2.7.0 | ||
| ESET | Internet Security | ESET Internet Security versions antérieures à 17.2.7.0 | ||
| ESET | Endpoint Security | ESET Endpoint Security versions antérieures à 11.1.2039.0 pour Windows | ||
| ESET | NOD32 Antivirus | ESET NOD32 Antivirus versions antérieures à 17.2.7.0 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ESET Smart Security Premium versions ant\u00e9rieures \u00e0 17.2.7.0",
"product": {
"name": "Smart Security Premium",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Mail Security versions ant\u00e9rieures \u00e0 11.0.10008.0 pour Microsoft Exchange Server",
"product": {
"name": "Mail Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Security versions ant\u00e9rieures \u00e0 11.0.15004.0 pour Microsoft SharePoint Server",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Server Security versions ant\u00e9rieures \u00e0 11.0.12012.0 pour Windows Server",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Endpoint Antivirus versions ant\u00e9rieures \u00e0 11.1.2039.0 pour Windows",
"product": {
"name": "Endpoint Antivirus",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Security Ultimate versions ant\u00e9rieures \u00e0 17.2.7.0",
"product": {
"name": "Security Ultimate",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": " ESET Internet Security versions ant\u00e9rieures \u00e0 17.2.7.0",
"product": {
"name": "Internet Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Endpoint Security versions ant\u00e9rieures \u00e0 11.1.2039.0 pour Windows",
"product": {
"name": "Endpoint Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET NOD32 Antivirus versions ant\u00e9rieures \u00e0 17.2.7.0",
"product": {
"name": "NOD32 Antivirus",
"vendor": {
"name": "ESET",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-3779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3779"
}
],
"initial_release_date": "2024-07-15T00:00:00",
"last_revision_date": "2024-07-15T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0581",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits ESET. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits ESET",
"vendor_advisories": [
{
"published_at": "2024-07-12",
"title": "Bulletin de s\u00e9curit\u00e9 ESET ca8688",
"url": "https://support-feed.eset.com/link/15370/16741922/ca8688"
}
]
}
CERTFR-2023-AVI-1053
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits ESET. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| ESET | Security Ultimate | ESET Security Ultimate | ||
| ESET | Endpoint Antivirus | ESET Endpoint Antivirus versions postérieures à 10.0 pour Linux | ||
| ESET | Server Security | ESET Server Security versions postérieures à 10.1 pour Linux | ||
| ESET | Endpoint Antivirus | ESET Endpoint Antivirus pour Windows | ||
| ESET | NOD32 Antivirus | ESET NOD32 Antivirus | ||
| ESET | Endpoint Security | ESET Endpoint Security pour Windows | ||
| ESET | Smart Security Premium | ESET Smart Security Premium | ||
| ESET | Mail Security | ESET Mail Security pour Microsoft Exchange Server | ||
| ESET | Internet Security | ESET Internet Security | ||
| ESET | Server Security | ESET Server Security pour Windows Server | ||
| ESET | Mail Security | ESET Mail Security pour IBM Domino | ||
| ESET | Security | ESET Security pour Microsoft SharePoint Server | ||
| ESET | File Security | ESET File Security pour Microsoft Azure |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ESET Security Ultimate",
"product": {
"name": "Security Ultimate",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Endpoint Antivirus versions post\u00e9rieures \u00e0 10.0 pour Linux",
"product": {
"name": "Endpoint Antivirus",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Server Security versions post\u00e9rieures \u00e0 10.1 pour Linux",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Endpoint Antivirus pour Windows",
"product": {
"name": "Endpoint Antivirus",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET NOD32 Antivirus",
"product": {
"name": "NOD32 Antivirus",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Endpoint Security pour Windows",
"product": {
"name": "Endpoint Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Smart Security Premium",
"product": {
"name": "Smart Security Premium",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Mail Security pour Microsoft Exchange Server",
"product": {
"name": "Mail Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Internet Security",
"product": {
"name": "Internet Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Server Security pour Windows Server",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Mail Security pour IBM Domino",
"product": {
"name": "Mail Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Security pour Microsoft SharePoint Server",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET File Security pour Microsoft Azure",
"product": {
"name": "File Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-5594",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5594"
}
],
"initial_release_date": "2023-12-22T00:00:00",
"last_revision_date": "2023-12-22T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 ESET\u00a0CA8562 du 20 d\u00e9cembre 2023",
"url": "https://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed"
}
],
"reference": "CERTFR-2023-AVI-1053",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eles\nproduits ESET\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits ESET",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ESET CA8562 du 20 d\u00e9cembre 2023",
"url": null
}
]
}
CERTFR-2023-AVI-0755
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits F-Secure. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Windows | WithSecure Endpoint Protection pour Windows sans le correctif de sécurité automatique 2023-09-11_07 | ||
| ESET | Server Security | WithSecure Server Security versions 15 sans le correctif de sécurité automatique 2023-09-11_07 | ||
| ESET | Security | WithSecure Client Security versions 15 sans le correctif de sécurité automatique 2023-09-11_07 | ||
| WithSecure | N/A | WithSecure Endpoint Protection pour Mac sans le correctif de sécurité automatique 2023-09-11_07 | ||
| N/A | N/A | Linux Protection versions 12.0 sans le correctif de sécurité automatique 2023-09-11_07 | ||
| ESET | Security | Linux Security 64 versions 12.0 sans le correctif de sécurité automatique 2023-09-11_07 | ||
| ESET | Server Security | WithSecure Email and Server Security versions 15 sans le correctif de sécurité automatique 2023-09-11_07 | ||
| ESET | Security | WithSecure Client Security pour Mac versions 15 sans le correctif de sécurité automatique 2023-09-11_07 | ||
| WithSecure | N/A | WithSecure Endpoint Protection pour Linux sans le correctif de sécurité automatique 2023-09-11_07 | ||
| WithSecure | N/A | WithSecure Elements Endpoint Protection versions 17 sans le correctif de sécurité automatique 2023-09-11_07 | ||
| WithSecure | N/A | WithSecure Atlant (anciennement F-Secure Atlant) versions 1.0.35-1 sans le correctif de sécurité automatique 2023-09-11_07 | ||
| WithSecure | N/A | WithSecure Elements Endpoint Protection pour Mac 17 sans le correctif de sécurité automatique 2023-09-11_07 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "WithSecure Endpoint Protection pour Windows sans le correctif de s\u00e9curit\u00e9 automatique 2023-09-11_07",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "WithSecure Server Security versions 15 sans le correctif de s\u00e9curit\u00e9 automatique 2023-09-11_07",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "WithSecure Client Security versions 15 sans le correctif de s\u00e9curit\u00e9 automatique 2023-09-11_07",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "WithSecure Endpoint Protection pour Mac sans le correctif de s\u00e9curit\u00e9 automatique 2023-09-11_07",
"product": {
"name": "N/A",
"vendor": {
"name": "WithSecure",
"scada": false
}
}
},
{
"description": "Linux Protection versions 12.0 sans le correctif de s\u00e9curit\u00e9 automatique 2023-09-11_07",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Linux Security 64 versions 12.0 sans le correctif de s\u00e9curit\u00e9 automatique 2023-09-11_07",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "WithSecure Email and Server Security versions 15 sans le correctif de s\u00e9curit\u00e9 automatique 2023-09-11_07",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "WithSecure Client Security pour Mac versions 15 sans le correctif de s\u00e9curit\u00e9 automatique 2023-09-11_07",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "WithSecure Endpoint Protection pour Linux sans le correctif de s\u00e9curit\u00e9 automatique 2023-09-11_07",
"product": {
"name": "N/A",
"vendor": {
"name": "WithSecure",
"scada": false
}
}
},
{
"description": "WithSecure Elements Endpoint Protection versions 17 sans le correctif de s\u00e9curit\u00e9 automatique 2023-09-11_07",
"product": {
"name": "N/A",
"vendor": {
"name": "WithSecure",
"scada": false
}
}
},
{
"description": "WithSecure Atlant (anciennement F-Secure Atlant) versions 1.0.35-1 sans le correctif de s\u00e9curit\u00e9 automatique 2023-09-11_07",
"product": {
"name": "N/A",
"vendor": {
"name": "WithSecure",
"scada": false
}
}
},
{
"description": "WithSecure Elements Endpoint Protection pour Mac 17 sans le correctif de s\u00e9curit\u00e9 automatique 2023-09-11_07",
"product": {
"name": "N/A",
"vendor": {
"name": "WithSecure",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-42523",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42523"
},
{
"name": "CVE-2023-42521",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42521"
},
{
"name": "CVE-2023-42524",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42524"
},
{
"name": "CVE-2023-42526",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42526"
},
{
"name": "CVE-2023-42522",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42522"
}
],
"initial_release_date": "2023-09-15T00:00:00",
"last_revision_date": "2023-09-15T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 F-Secure\u00a0cve-2023-42521 du 14 septembre 2023",
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-42521"
}
],
"reference": "CERTFR-2023-AVI-0755",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits F-Secure\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F-Secure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F-Secure cve-2023-42523 du 14 septembre 2023",
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-42523"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F-Secure cve-2023-42521 du 14 septembre 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F-Secure cve-2023-42526 du 14 septembre 2023",
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-42526"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F-Secure cve-2023-42522 du 14 septembre 2023",
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-42522"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F-Secure cve-2023-42524 du 14 septembre 2023",
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-42524"
}
]
}
CERTFR-2023-AVI-0466
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits ESET. Elle permet à un attaquant de provoquer une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| ESET | Cyber Security | ESET Cyber Security versions 7.3.x antérieures à 7.3.3700.0 | ||
| ESET | Server Security | ESET Server Security pour Linux versions 9.1.x antérieures à 9.1.98.0 | ||
| ESET | Endpoint Antivirus | ESET Endpoint Antivirus pour Linux versions antérieures à 8.1.12.0 | ||
| ESET | Endpoint Antivirus | ESET Endpoint Antivirus pour Linux versions antérieures à 9.1.11.0 | ||
| ESET | Endpoint Antivirus | ESET Endpoint Antivirus pour macOS versions 7.x antérieures à 7.3.3600.0 | ||
| ESET | Endpoint Antivirus | ESET Endpoint Antivirus pour Linux versions antérieures à 9.0.10.0 | ||
| ESET | Server Security | ESET Server Security pour Linux versions 9.0.x antérieures à 9.0.466.0 | ||
| ESET | Server Security | ESET Server Security pour Linux versions antérieures à 8.1.823.0 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ESET Cyber Security versions 7.3.x ant\u00e9rieures \u00e0 7.3.3700.0",
"product": {
"name": "Cyber Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Server Security pour Linux versions 9.1.x ant\u00e9rieures \u00e0 9.1.98.0",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Endpoint Antivirus pour Linux versions ant\u00e9rieures \u00e0 8.1.12.0",
"product": {
"name": "Endpoint Antivirus",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Endpoint Antivirus pour Linux versions ant\u00e9rieures \u00e0 9.1.11.0",
"product": {
"name": "Endpoint Antivirus",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Endpoint Antivirus pour macOS versions 7.x ant\u00e9rieures \u00e0 7.3.3600.0",
"product": {
"name": "Endpoint Antivirus",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Endpoint Antivirus pour Linux versions ant\u00e9rieures \u00e0 9.0.10.0",
"product": {
"name": "Endpoint Antivirus",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Server Security pour Linux versions 9.0.x ant\u00e9rieures \u00e0 9.0.466.0",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Server Security pour Linux versions ant\u00e9rieures \u00e0 8.1.823.0",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-2847",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2847"
}
],
"initial_release_date": "2023-06-15T00:00:00",
"last_revision_date": "2023-06-15T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0466",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-15T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits ESET. Elle permet \u00e0\nun attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits ESET",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ESET du 14 juin 2023",
"url": "https://support.eset.com/en/ca8447-local-privilege-escalation-vulnerability-in-eset-products-for-linux-and-macos-fixed"
}
]
}
CERTFR-2022-AVI-185
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits ESET . Elle permet à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| ESET | Server Security | ESET Server Security pour Linux versions 7.2.x antérieures à 7.2.578.0 | ||
| ESET | Endpoint Antivirus | ESET Endpoint Antivirus pour Linux versions 8.x antérieures à 8.1.7.0 | ||
| ESET | Server Security | ESET Server Security pour Linux versions 8.x antérieures à 8.1.818.0 | ||
| ESET | Endpoint Antivirus | ESET Endpoint Antivirus pour Linux versions 7.1.x antérieures à 7.1.10.0 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ESET Server Security pour Linux versions 7.2.x ant\u00e9rieures \u00e0 7.2.578.0",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Endpoint Antivirus pour Linux versions 8.x ant\u00e9rieures \u00e0 8.1.7.0",
"product": {
"name": "Endpoint Antivirus",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Server Security pour Linux versions 8.x ant\u00e9rieures \u00e0 8.1.818.0",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Endpoint Antivirus pour Linux versions 7.1.x ant\u00e9rieures \u00e0 7.1.10.0",
"product": {
"name": "Endpoint Antivirus",
"vendor": {
"name": "ESET",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-0615",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0615"
}
],
"initial_release_date": "2022-02-25T00:00:00",
"last_revision_date": "2022-02-25T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-185",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-02-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits ESET . Elle permet\n\u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits ESET",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ESET CA8230 du 24 f\u00e9vrier 2022",
"url": "https://support.eset.com/en/ca8230-use-after-free-vulnerability-fixed-in-eset-products-for-linux"
}
]
}
CERTFR-2022-AVI-095
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits ESET. Elle permet à un attaquant de provoquer une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctif (cf. section Documentation).
Contournement provisoire
L'éditeur propose une mesure de contournement si l'installation des correctifs n'est pas envisageable (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| ESET | Security | ESET Security for Microsoft SharePoint Server versions antérieures à 8.0.15006.0 (mise à jour du 16 décembre 2021) | ||
| ESET | Security | ESET Security for Microsoft SharePoint Server versions antérieures à 7.3.15002.0 (mise à jour du 12 janvier 2022) | ||
| ESET | Mail Security | ESET Mail Security for IBM Domino versions antérieures à 7.3.14003.0 (mise à jour du 26 janvier 2022) | ||
| ESET | N/A | ESET Endpoint Antivirus for Windows et ESET Endpoint Security for Windows versions antérieures à 8.0.2028.3, 8.0.2028.4, 8.0.2039.3, 8.0.2039.4, 8.0.2044.3, 8.0.2044.4, 8.1.2031.3, 8.1.2031.4, 8.1.2037.9 et 8.1.2037.10 (mise à jour du 25 janvier 2022) | ||
| ESET | N/A | ESET Endpoint Antivirus for Windows et ESET Endpoint Security for Windows versions antérieures à 7.3.2055.0 et 7.3.2055.1 (mise à jour du 31 janvier 2022) | ||
| ESET | File Security | ESET File Security for Microsoft Windows Server versions antérieures à 7.3.12008.0 (mise à jour du 12 janvier 2022) | ||
| ESET | N/A | ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security et ESET Smart Security versiosn antérieures à 15.0.19.0 (mise à jour du 8 décembre 2021) | ||
| ESET | Server Security | ESET Server Security for Microsoft Windows Server versions antérieures à 8.0.12010.0 (mise à jour du 16 décembre 2021) | ||
| ESET | Mail Security | ESET Mail Security for IBM Domino versions antérieures à 8.0.14006.0 (mise à jour du 16 décembre 2021) | ||
| ESET | Mail Security | ESET Mail Security for Microsoft Exchange Server versions antérieures à 7.3.10014.0 (mise à jour du 26 janvier 2022) | ||
| ESET | N/A | ESET Endpoint Antivirus for Windows et ESET Endpoint Security for Windows versions antérieures à 9.0.2032.6 et 9.0.2032.7 (mise à jour du 16 décembre 2021) | ||
| ESET | Mail Security | ESET Mail Security for Microsoft Exchange Server versions antérieures à 8.0.10018.0 (mise à jour du 16 décembre 2021) |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ESET Security for Microsoft SharePoint Server versions ant\u00e9rieures \u00e0 8.0.15006.0 (mise \u00e0 jour du 16 d\u00e9cembre 2021)",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Security for Microsoft SharePoint Server versions ant\u00e9rieures \u00e0 7.3.15002.0 (mise \u00e0 jour du 12 janvier 2022)",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Mail Security for IBM Domino versions ant\u00e9rieures \u00e0 7.3.14003.0 (mise \u00e0 jour du 26 janvier 2022)",
"product": {
"name": "Mail Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Endpoint Antivirus for Windows et ESET Endpoint Security for Windows versions ant\u00e9rieures \u00e0 8.0.2028.3, 8.0.2028.4, 8.0.2039.3, 8.0.2039.4, 8.0.2044.3, 8.0.2044.4, 8.1.2031.3, 8.1.2031.4, 8.1.2037.9 et 8.1.2037.10 (mise \u00e0 jour du 25 janvier 2022)",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Endpoint Antivirus for Windows et ESET Endpoint Security for Windows versions ant\u00e9rieures \u00e0 7.3.2055.0 et 7.3.2055.1 (mise \u00e0 jour du 31 janvier 2022)",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET File Security for Microsoft Windows Server versions ant\u00e9rieures \u00e0 7.3.12008.0 (mise \u00e0 jour du 12 janvier 2022)",
"product": {
"name": "File Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security et ESET Smart Security versiosn ant\u00e9rieures \u00e0 15.0.19.0 (mise \u00e0 jour du 8 d\u00e9cembre 2021)",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Server Security for Microsoft Windows Server versions ant\u00e9rieures \u00e0 8.0.12010.0 (mise \u00e0 jour du 16 d\u00e9cembre 2021)",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Mail Security for IBM Domino versions ant\u00e9rieures \u00e0 8.0.14006.0 (mise \u00e0 jour du 16 d\u00e9cembre 2021)",
"product": {
"name": "Mail Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Mail Security for Microsoft Exchange Server versions ant\u00e9rieures \u00e0 7.3.10014.0 (mise \u00e0 jour du 26 janvier 2022)",
"product": {
"name": "Mail Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Endpoint Antivirus for Windows et ESET Endpoint Security for Windows versions ant\u00e9rieures \u00e0 9.0.2032.6 et 9.0.2032.7 (mise \u00e0 jour du 16 d\u00e9cembre 2021)",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "ESET Mail Security for Microsoft Exchange Server versions ant\u00e9rieures \u00e0 8.0.10018.0 (mise \u00e0 jour du 16 d\u00e9cembre 2021)",
"product": {
"name": "Mail Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectif (cf. section Documentation).\n\n## Contournement provisoire\n\nL\u0027\u00e9diteur propose une mesure de contournement si l\u0027installation des\ncorrectifs n\u0027est pas envisageable (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-37852",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37852"
}
],
"initial_release_date": "2022-01-31T00:00:00",
"last_revision_date": "2022-01-31T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-095",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-01-31T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits ESET. Elle permet \u00e0\nun attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits ESET",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ESET du 31 janvier 2022",
"url": "https://support.eset.com/en/ca8223-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows"
}
]
}
CERTFR-2018-AVI-269
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits F-Secure. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| ESET | N/A | F-Secure Computer Protection Premium | ||
| ESET | Server Security | F-Secure PSB Server Security | ||
| ESET | Server Security | F-Secure Server Security Premium | ||
| ESET | Server Security | F-Secure PSB Email et Server Security | ||
| ESET | Server Security | F-Secure Email et Server Security | ||
| ESET | Security | F-Secure PSB Workstation Security | ||
| ESET | Server Security | F-Secure Server Security | ||
| ESET | Security | F-Secure Client Security Premium | ||
| ESET | Security | F-Secure Client Security | ||
| Microsoft | Windows | F-Secure SAFE pour Windows | ||
| ESET | N/A | F-Secure Computer Protection | ||
| ESET | Server Security | F-Secure Email et Server Security Premium |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "F-Secure Computer Protection Premium",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure PSB Server Security",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Server Security Premium",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure PSB Email et Server Security",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Email et Server Security",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure PSB Workstation Security",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Server Security",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Client Security Premium",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Client Security",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure SAFE pour Windows",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "F-Secure Computer Protection",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Email et Server Security Premium",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2018-06-06T00:00:00",
"last_revision_date": "2018-06-06T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-269",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-06-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits F-Secure. Elle\npermet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits F-Secure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F-Secure FSC-2018-2 du 1 juin 2018",
"url": "https://www.f-secure.com/en/web/labs_global/fsc-2018-2"
}
]
}
CERTA-2013-AVI-273
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans F-Secure . Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance au moyen d'un ActiveX.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| ESET | Server Security | F-Secure Server Security version 9.20 | ||
| Microsoft | Windows | F-Secure Anti-Virus pour les serveurs Windows version 9.00 | ||
| Microsoft | N/A | F-Secure Anti-Virus pour Microsoft Exchange Server version 9.00 à 9.10 | ||
| Citrix | N/A | F-Secure Anti-Virus pour les serveurs Citrix version 9.00 | ||
| ESET | Server Security | F-Secure Email et Server Security version 9.20 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "F-Secure Server Security version 9.20",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus pour les serveurs Windows version 9.00",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus pour Microsoft Exchange Server version 9.00 \u00e0 9.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus pour les serveurs Citrix version 9.00",
"product": {
"name": "N/A",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "F-Secure Email et Server Security version 9.20",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2013-04-25T00:00:00",
"last_revision_date": "2013-04-25T00:00:00",
"links": [],
"reference": "CERTA-2013-AVI-273",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-04-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan\nclass=\"textit\"\u003eF-Secure\u003c/span\u003e . Elle permet \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance au moyen d\u0027un \u003cspan\nclass=\"textit\"\u003eActiveX\u003c/span\u003e.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans F-Secure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F-Secure FSC-2013-1 du 24 avril 2013",
"url": "http://www.f-secure.com/en/web/labs_global/fsc-2013-1"
}
]
}
CERTA-2010-AVI-166
Vulnerability from certfr_avis
Une vulnérabilité dans la gestion des archives 7Z, GZIP, CAB ou RAR permet de contourner le moteur de détection de l'Anti-Virus.
Description
Une vulnérabilité dans les produits F-Secure permet, à une personne malveillante, de construire des archives (7Z, GZIP, CAB ou RAR) spécialement formées contournant le moteur de détection de l'Anti-Virus. Les fichiers malveillants contenus dans ces archives ne seront donc pas détectés.
Cependant cela n'affecte pas le mécanisme de détection lorsque ces fichiers sont extraits des archives.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| ESET | Security | Solutions basées sur F-Secure Protection Service pour Business - Workstation security version 9 et antérieures ; | ||
| Microsoft | Windows | F-Secure Internet Gatekeeper pour Windows 6.61 et antérieures ; | ||
| N/A | N/A | F-Secure Anti-Virus pour Linux Servers 4.65 ; | ||
| ESET | N/A | F-Secure Internet Gatekeeper pour Linux 4.02 et antérieures ; | ||
| N/A | N/A | Services basés sur F-Secure Mac Protection build 8060 et antérieures ; | ||
| ESET | Security | F-Secure Anti-Virus Linux Client Security 5.54 et antérieures ; | ||
| ESET | Server Security | F-Secure Anti-Virus Linux Server Security 5.54 et antérieures ; | ||
| ESET | Security | F-Secure Linux Security 7.03 et antérieures ; | ||
| ESET | N/A | F-Secure Anti-Virus pour Workstations 9 et antérieures ; | ||
| Microsoft | N/A | F-Secure Anti-Virus pour Microsoft Exchange 9 et antérieures ; | ||
| ESET | Server Security | Solutions basées sur F-Secure Protection Service pour Business - Server Security version 8 et antérieures ; | ||
| Citrix | N/A | F-Secure Anti-Virus pour Citrix Servers 9 et antérieures. | ||
| ESET | N/A | F-Secure Anti-Virus 2010 et antérieures ; | ||
| ESET | N/A | F-Secure Anti-Virus pour MIMEsweeper 5.61 et antérieures ; | ||
| Microsoft | Windows | F-Secure Anti-Virus pour Windows Servers 9 et antérieures ; | ||
| ESET | Security | F-Secure Client Security 9 et antérieures ; | ||
| ESET | N/A | Solutions basées sur F-Secure Protection Service pour Consumers version 9 et antérieures ; | ||
| ESET | Server Security | F-Secure Home Server Security 2009 ; |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Solutions bas\u00e9es sur F-Secure Protection Service pour Business - Workstation security version 9 et ant\u00e9rieures ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Internet Gatekeeper pour Windows 6.61 et ant\u00e9rieures ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus pour Linux Servers 4.65 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Internet Gatekeeper pour Linux 4.02 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Services bas\u00e9s sur F-Secure Mac Protection build 8060 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus Linux Client Security 5.54 et ant\u00e9rieures ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus Linux Server Security 5.54 et ant\u00e9rieures ;",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Linux Security 7.03 et ant\u00e9rieures ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus pour Workstations 9 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus pour Microsoft Exchange 9 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Solutions bas\u00e9es sur F-Secure Protection Service pour Business - Server Security version 8 et ant\u00e9rieures ;",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus pour Citrix Servers 9 et ant\u00e9rieures.",
"product": {
"name": "N/A",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus 2010 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus pour MIMEsweeper 5.61 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus pour Windows Servers 9 et ant\u00e9rieures ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "F-Secure Client Security 9 et ant\u00e9rieures ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Solutions bas\u00e9es sur F-Secure Protection Service pour Consumers version 9 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Home Server Security 2009 ;",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans les produits F-Secure permet, \u00e0 une personne\nmalveillante, de construire des archives (7Z, GZIP, CAB ou RAR)\nsp\u00e9cialement form\u00e9es contournant le moteur de d\u00e9tection de l\u0027Anti-Virus.\nLes fichiers malveillants contenus dans ces archives ne seront donc pas\nd\u00e9tect\u00e9s.\n\nCependant cela n\u0027affecte pas le m\u00e9canisme de d\u00e9tection lorsque ces\nfichiers sont extraits des archives.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2010-04-13T00:00:00",
"last_revision_date": "2010-04-13T00:00:00",
"links": [],
"reference": "CERTA-2010-AVI-166",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-04-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans la gestion des archives \u003cspan class=\"textit\"\u003e7Z,\nGZIP, CAB\u003c/span\u003e ou \u003cspan class=\"textit\"\u003eRAR\u003c/span\u003e permet de contourner\nle moteur de d\u00e9tection de l\u0027\u003cspan class=\"textit\"\u003eAnti-Virus\u003c/span\u003e.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans F-Secure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F-Secure FSC-2010-1 du 12 avril 2010",
"url": "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-1.html"
}
]
}
CERTA-2009-AVI-465
Vulnerability from certfr_avis
Une vulnérabilité dans les produits F-Secure permet de contourner le mécanisme de détection des codes malveillants.
Description
Une vulnérabilité a été découverte dans le traitement des fichiers au format PDF par les produits F-Secure. L'exploitation de cette vulnérabilité permet de contourner le mécanisme de détection des codes malveillants.
Solution
Le problème est corrigé via la mise à jour automatique des définitions de code malveillant. Néanmoins, pour les systèmes sur lesquels cette mise à jour est désactivé, ou pour ceux non connectés à l'Internet, cette opération doit être effectuée manuellement.
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | F-Secure Anti-Virus for Linux Servers version 4.65 ; | ||
| N/A | N/A | solutions basées sur F-Secure Protection Service for Consumers versions 8.00 et antérieures ; | ||
| N/A | N/A | F-Secure Internet Gatekeeper for Linux Japanese versions 2.37 et antérieures ; | ||
| N/A | N/A | F-Secure Internet Gatekeeper for Linux versions 3.02 et antérieures ; | ||
| ESET | Security | F-Secure Linux Security versions 7.02 et antérieures ; | ||
| Microsoft | Windows | F-Secure Internet Gatekeeper for Windows versions 6.61 et antérieures ; | ||
| N/A | N/A | F-Secure Anti-Virus versions 2009 et antérieures ; | ||
| N/A | N/A | F-Secure Anti-Virus for Workstations versions 8.0 et antérieures ; | ||
| Microsoft | N/A | F-Secure Anti-Virus for Microsoft Exchange versions 8.00 et antérieures ; | ||
| ESET | Server Security | F-Secure Anti-Virus Linux Server Security versions 5.54 et antérieures ; | ||
| ESET | Server Security | F-Secure Home Server Security version 2009 ; | ||
| N/A | N/A | F-Secure Anti-Virus for MIMEsweeper versions 5.61 et antérieures. | ||
| ESET | Server Security | solutions basées sur F-Secure Protection Service for Business - E-mail and Server security versions 8.00 et antérieures ; | ||
| Citrix | N/A | F-Secure Anti-Virus for Citrix Servers versions 7.00 et antérieures ; | ||
| ESET | Internet Security | F-Secure Internet Security versions 2009 et antérieures ; | ||
| Microsoft | Windows | F-Secure Anti-Virus for Windows Servers versions 8.00 et antérieures ; | ||
| ESET | Security | F-Secure Client Security versions 8.01 et antérieures ; | ||
| ESET | Security | F-Secure Anti-Virus Linux Client Security versions 5.54 et antérieures ; | ||
| ESET | Security | solutions basées sur F-Secure Protection Service for Business - Workstation security versions 8.00 et antérieures ; |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "F-Secure Anti-Virus for Linux Servers version 4.65 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "solutions bas\u00e9es sur F-Secure Protection Service for Consumers versions 8.00 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Internet Gatekeeper for Linux Japanese versions 2.37 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Internet Gatekeeper for Linux versions 3.02 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Linux Security versions 7.02 et ant\u00e9rieures ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Internet Gatekeeper for Windows versions 6.61 et ant\u00e9rieures ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus versions 2009 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Workstations versions 8.0 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Microsoft Exchange versions 8.00 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus Linux Server Security versions 5.54 et ant\u00e9rieures ;",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Home Server Security version 2009 ;",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for MIMEsweeper versions 5.61 et ant\u00e9rieures.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "solutions bas\u00e9es sur F-Secure Protection Service for Business - E-mail and Server security versions 8.00 et ant\u00e9rieures ;",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Citrix Servers versions 7.00 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "F-Secure Internet Security versions 2009 et ant\u00e9rieures ;",
"product": {
"name": "Internet Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Windows Servers versions 8.00 et ant\u00e9rieures ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "F-Secure Client Security versions 8.01 et ant\u00e9rieures ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus Linux Client Security versions 5.54 et ant\u00e9rieures ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "solutions bas\u00e9es sur F-Secure Protection Service for Business - Workstation security versions 8.00 et ant\u00e9rieures ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le traitement des fichiers au\nformat PDF par les produits F-Secure. L\u0027exploitation de cette\nvuln\u00e9rabilit\u00e9 permet de contourner le m\u00e9canisme de d\u00e9tection des codes\nmalveillants.\n\n## Solution\n\nLe probl\u00e8me est corrig\u00e9 via la mise \u00e0 jour automatique des d\u00e9finitions\nde code malveillant. N\u00e9anmoins, pour les syst\u00e8mes sur lesquels cette\nmise \u00e0 jour est d\u00e9sactiv\u00e9, ou pour ceux non connect\u00e9s \u00e0 l\u0027Internet,\ncette op\u00e9ration doit \u00eatre effectu\u00e9e manuellement.\n",
"cves": [],
"initial_release_date": "2009-10-30T00:00:00",
"last_revision_date": "2009-10-30T00:00:00",
"links": [],
"reference": "CERTA-2009-AVI-465",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2009-10-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans les produits \u003cspan class=\"textit\"\u003eF-Secure\u003c/span\u003e\npermet de contourner le m\u00e9canisme de d\u00e9tection des codes malveillants.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits F-Secure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FSC-2009-3 du 29 octobre 2009",
"url": "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-3.html"
}
]
}
CERTA-2008-AVI-517
Vulnerability from certfr_avis
Une vulnérabilité dans de nombreux produits F-Secure permet l'exécution de code arbitraire à distance.
Description
Une vulnérabilité a été découverte lors du traitement des archives RPM par de nombreux produits F-Secure. Cette vulnérabilité n'est exploitable que si l'antivirus a été configuré pour analyser les fichiers contenus dans l'archive. Elle permet l'exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| ESET | Internet Security | F-Secure Internet Security 2006 ; | ||
| ESET | Internet Security | F-Secure Internet Security 2007 Second Edition ; | ||
| ESET | Internet Security | F-Secure Internet Security 2007 ; | ||
| ESET | Security | F-Secure Client Security versions 7.12 et antérieures ; | ||
| N/A | N/A | F-Secure Antivirus 2007 Second Edition ; | ||
| N/A | N/A | produits basés sur F-Secure Protection Service for Consumers versions 8.00 et antérieures ; | ||
| ESET | Security | F-Secure Anti-Virus Client Security versions 5.54 et antérieures ; | ||
| N/A | N/A | produits basés sur F-Secure Protection Service for Business versions 3.10 et antérieures ; | ||
| ESET | Server Security | F-Secure Anti-Virus Linux Server Security versions 5.54 et antérieures ; | ||
| ESET | N/A | F-Secure Antivirus 2008 ; | ||
| N/A | N/A | F-Secure Anti-Virus for Linux Servers version 4.65. | ||
| ESET | N/A | F-Secure Anti-Virus for Workstations versions 7.11 et antérieures ; | ||
| Citrix | N/A | F-Secure Anti-Virus for Citrix Servers versions 7.00 et antérieures ; | ||
| N/A | N/A | F-Secure Antivirus 2007 ; | ||
| Microsoft | Windows | F-Secure Anti-Virus for Windows Servers versions 8.00 et antérieures ; | ||
| ESET | Security | F-Secure Linux Security versions 7.01 et antérieures ; | ||
| ESET | N/A | F-Secure Antivirus 2006 ; | ||
| ESET | Internet Security | F-Secure Internet Security 2008 ; | ||
| ESET | Server Security | F-Secure Home Server Security 2009 ; |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "F-Secure Internet Security 2006 ;",
"product": {
"name": "Internet Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Internet Security 2007 Second Edition ;",
"product": {
"name": "Internet Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Internet Security 2007 ;",
"product": {
"name": "Internet Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Client Security versions 7.12 et ant\u00e9rieures ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Antivirus 2007 Second Edition ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "produits bas\u00e9s sur F-Secure Protection Service for Consumers versions 8.00 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus Client Security versions 5.54 et ant\u00e9rieures ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "produits bas\u00e9s sur F-Secure Protection Service for Business versions 3.10 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus Linux Server Security versions 5.54 et ant\u00e9rieures ;",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Antivirus 2008 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Linux Servers version 4.65.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Workstations versions 7.11 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Citrix Servers versions 7.00 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "F-Secure Antivirus 2007 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Windows Servers versions 8.00 et ant\u00e9rieures ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "F-Secure Linux Security versions 7.01 et ant\u00e9rieures ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Antivirus 2006 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Internet Security 2008 ;",
"product": {
"name": "Internet Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Home Server Security 2009 ;",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte lors du traitement des archives RPM\npar de nombreux produits F-Secure. Cette vuln\u00e9rabilit\u00e9 n\u0027est exploitable\nque si l\u0027antivirus a \u00e9t\u00e9 configur\u00e9 pour analyser les fichiers contenus\ndans l\u0027archive. Elle permet l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2008-10-22T00:00:00",
"last_revision_date": "2008-10-22T00:00:00",
"links": [],
"reference": "CERTA-2008-AVI-517",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-10-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans de nombreux produits \u003cspan\nclass=\"textit\"\u003eF-Secure\u003c/span\u003e permet l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits F-Secure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F-Secure FSC-2008-3 du 21 octobre 2008",
"url": "http://www.f-secure.com/security/fsc-2008-3.shtml"
}
]
}
CERTA-2008-AVI-085
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans la majorité des produits F-Secure. Cette vulnérabilité permet à un utilisateur malintentionné de passer outre le filtre de l'anti-virus.
Description
Une vulnérabilité a été découverte dans le traitement des fichiers au format RAR et CAB par les produits F-Secure. Cette vulnérabilité peut être exploitée via un fichier spécifiquement conçu et contourner ainsi le filtrage mis en place.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| ESET | Security | F-Secure Anti-Virus Client Security 7.01 ; | ||
| ESET | Internet Security | F-Secure Internet Security 2006 ; | ||
| ESET | Security | F-Secure Anti-Virus Linux Client Security 5.53 ; | ||
| ESET | Internet Security | F-Secure Internet Security 2007 Second Edition ; | ||
| Microsoft | Windows | F-Secure Anti-Virus for Windows Servers 7.00 ; | ||
| N/A | N/A | F-Secure Anti-Virus 2006 ; | ||
| N/A | N/A | F-Secure Anti-Virus for Workstations 5.44 ; | ||
| ESET | Internet Security | F-Secure Internet Security 2007 ; | ||
| ESET | Security | F-Secure Anti-Virus Client Security 6.02 ; | ||
| N/A | N/A | F-Secure Anti-Virus 2007, version 7.02 ; | ||
| ESET | Security | F-Secure Anti-Virus Client Security 6.03 ; | ||
| ESET | Security | F-Secure Anti-Virus Linux Client Security 5.52 ; | ||
| N/A | N/A | F-Secure Anti-Virus for MIMEsweeper 5.61 ; | ||
| Microsoft | N/A | F-Secure Anti-Virus for Microsoft Exchange 7.0 ; | ||
| N/A | N/A | F-Secure Anti-Virus for Workstations 7.10 ; | ||
| ESET | Security | F-Secure Messaging Security Gateway 4.0.7 and earlier. | ||
| Microsoft | Windows | F-Secure Internet Gatekeeper 6.61, Windows ; | ||
| N/A | N/A | F-Secure Anti-Virus for Linux 4.65 ; | ||
| ESET | Server Security | F-Secure Anti-Virus Linux Server Security 5.53 ; | ||
| ESET | Security | F-Secure Anti-Virus Client Security 7.10 ; | ||
| ESET | Server Security | F-Secure Anti-Virus Linux Server Security 5.52 ; | ||
| Microsoft | N/A | F-Secure Anti-Virus for Microsoft Exchange 6.62 ; | ||
| Citrix | N/A | F-Secure Anti-Virus for Citrix Servers 5.52 ; | ||
| N/A | N/A | F-Secure Protection Service for Consumers version 7.00 et versions précédentes ; | ||
| N/A | N/A | F-Secure Protection Service for Business version 3.00 et versions précédentes ; | ||
| N/A | N/A | F-Secure Anti-Virus 2007 ; | ||
| Microsoft | Windows | F-Secure Anti-Virus for Windows Servers 5.52 ; | ||
| N/A | N/A | F-Secure Internet Gatekeeper for Linux 2.16 ; | ||
| ESET | Internet Security | F-Secure Internet Security 2008 ; | ||
| N/A | N/A | F-Secure Anti-Virus for Workstations 7.00 ; | ||
| N/A | N/A | F-Secure Anti-Virus 2008 ; |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "F-Secure Anti-Virus Client Security 7.01 ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Internet Security 2006 ;",
"product": {
"name": "Internet Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus Linux Client Security 5.53 ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Internet Security 2007 Second Edition ;",
"product": {
"name": "Internet Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Windows Servers 7.00 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus 2006 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Workstations 5.44 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Internet Security 2007 ;",
"product": {
"name": "Internet Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus Client Security 6.02 ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus 2007, version 7.02 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus Client Security 6.03 ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus Linux Client Security 5.52 ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for MIMEsweeper 5.61 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Microsoft Exchange 7.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Workstations 7.10 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Messaging Security Gateway 4.0.7 and earlier.",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Internet Gatekeeper 6.61, Windows ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Linux 4.65 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus Linux Server Security 5.53 ;",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus Client Security 7.10 ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus Linux Server Security 5.52 ;",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Microsoft Exchange 6.62 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Citrix Servers 5.52 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "F-Secure Protection Service for Consumers version 7.00 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Protection Service for Business version 3.00 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus 2007 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Windows Servers 5.52 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "F-Secure Internet Gatekeeper for Linux 2.16 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Internet Security 2008 ;",
"product": {
"name": "Internet Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Workstations 7.00 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus 2008 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le traitement des fichiers au\nformat RAR et CAB par les produits F-Secure. Cette vuln\u00e9rabilit\u00e9 peut\n\u00eatre exploit\u00e9e via un fichier sp\u00e9cifiquement con\u00e7u et contourner ainsi\nle filtrage mis en place.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2008-02-14T00:00:00",
"last_revision_date": "2008-02-14T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 F-Secure num\u00e9ro FSC-2008-1 du 13 f\u00e9vrier 2008 :",
"url": "http://www.f-secure.com/security/fsc-2008-1.shtml"
}
],
"reference": "CERTA-2008-AVI-085",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-02-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans la majorit\u00e9 des produits\nF-Secure. Cette vuln\u00e9rabilit\u00e9 permet \u00e0 un utilisateur malintentionn\u00e9 de\npasser outre le filtre de l\u0027anti-virus.\n",
"title": "Vuln\u00e9rabilit\u00e9 des produits F-Secure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F-Secure num\u00e9ro FSC-2008-1 du 13 f\u00e9vrier 2008",
"url": null
}
]
}
CERTA-2007-AVI-272
Vulnerability from certfr_avis
Une vulnérabilité dans le traitement des archives LHA et RAR par les produits F-Secure permet de contourner le mécanisme de détection des codes malveillants.
Description
Une vulnérabilité a été découverte dans le traitement des archives LHA et RAR par les produits F-Secure. Un utilisateur malintentionné peut modifier les en-têtes d'un fichier archive LHA ou RAR de telle sorte que celui-ci échappera à la détection par les produits F-Secure des codes malveillants.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| ESET | N/A | F-Secure Anti-Virus for MIMEsweeper versions 5.61 et antérieures ; | ||
| N/A | N/A | F-Secure Anti-Virus for Workstations versions 7.00 et antérieures ; | ||
| N/A | N/A | F-Secure Anti-Virus for Linux Servers versions 4.65 et antérieures ; | ||
| ESET | N/A | solutions basées sur F-Secure Protection Service for Consumers versions 7.00 et antérieures ; | ||
| N/A | N/A | F-Secure Internet Gatekeeper for Linux versions 2.16 et antérieures. | ||
| Citrix | N/A | F-Secure Anti-Virus for Citrix Servers version 5.52 ; | ||
| ESET | Security | F-Secure Client Security versions 7.00 et antérieures ; | ||
| N/A | N/A | F-Secure Internet Gatekeeper versions 6.61 et antérieures ; | ||
| Microsoft | Windows | F-Secure Anti-Virus for Windows Servers versions 7.00 et antérieures ; | ||
| ESET | Security | F-Secure Linux Client Security versions 5.52 et antérieures ; | ||
| N/A | N/A | F-Secure Anti-Virus for MS Exchange versions 7.00 et antérieures ; | ||
| ESET | Internet Security | F-Secure Internet Security 2005, 2006 et 2007 ; | ||
| ESET | Server Security | F-Secure Linux Server Security versions 5.52 et antérieures ; | ||
| ESET | N/A | F-Secure Anti-Virus for Linux Gateways versions 4.65 et antérieures ; |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "F-Secure Anti-Virus for MIMEsweeper versions 5.61 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Workstations versions 7.00 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Linux Servers versions 4.65 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "solutions bas\u00e9es sur F-Secure Protection Service for Consumers versions 7.00 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Internet Gatekeeper for Linux versions 2.16 et ant\u00e9rieures.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Citrix Servers version 5.52 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "F-Secure Client Security versions 7.00 et ant\u00e9rieures ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Internet Gatekeeper versions 6.61 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Windows Servers versions 7.00 et ant\u00e9rieures ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "F-Secure Linux Client Security versions 5.52 et ant\u00e9rieures ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for MS Exchange versions 7.00 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Internet Security 2005, 2006 et 2007 ;",
"product": {
"name": "Internet Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Linux Server Security versions 5.52 et ant\u00e9rieures ;",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Linux Gateways versions 4.65 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le traitement des archives LHA\net RAR par les produits F-Secure. Un utilisateur malintentionn\u00e9 peut\nmodifier les en-t\u00eates d\u0027un fichier archive LHA ou RAR de telle sorte que\ncelui-ci \u00e9chappera \u00e0 la d\u00e9tection par les produits F-Secure des codes\nmalveillants.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2007-06-20T00:00:00",
"last_revision_date": "2007-06-20T00:00:00",
"links": [],
"reference": "CERTA-2007-AVI-272",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-06-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans le traitement des archives LHA et RAR par les\nproduits \u003cspan class=\"textit\"\u003eF-Secure\u003c/span\u003e permet de contourner le\nm\u00e9canisme de d\u00e9tection des codes malveillants.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits F-Secure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F-Secure FSC-2007-5 du 19 juin 2007",
"url": "http://www.f-secure.com/security/fsc-2007-5.shtml"
}
]
}
CERTA-2007-AVI-244
Vulnerability from certfr_avis
De multiples vulnérabilités touchent les produits anti-virus de l'éditeur F-Secure. L'exploitation de ces vulnérabilités permet de réaliser de nombreuses actions malveillantes, allant du déni de service à l'exécution de code arbitraire à distance.
Description
Trois vulnérabilités ont été découvertes dans les produits anti-virus de l'éditeur F-Secure :
- la première est due à un mauvais traitement des archives au format LHA, entrainant un débordement de mémoire. Cette vulnérabilité peut être exploitée via une archive spécialement construite afin d'exécuter du code arbitraire à distance ;
- la deuxième est due au mauvais traitement de certaines archives ou certains exécutables compressés, entrainant une boucle infinie. Cette vulnérabilité peut être exploitée via une archive ou un exécutable spécialement construit afin de causer un déni de service à distance de l'antivirus ;
- la troisième est due à une erreur dans le module d'analyse en temps-réel. Cette vulnérabilité peut être exploitée à distance afin d'exécuter du code avec des privilèges élevés.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| ESET | Security | F-Secure Anti-virus Linux Client Security 5.x ; | ||
| N/A | N/A | F-Secure Anti-virus for Linux 4.x ; | ||
| ESET | Internet Security | F-Secure Internet Security 2006 ; | ||
| N/A | N/A | F-Secure Anti-virus 2005 ; | ||
| N/A | N/A | F-Secure Internet Gatekeeper 6.x ; | ||
| ESET | Server Security | F-Secure Anti-virus Linux Server Security 5.x ; | ||
| N/A | N/A | F-Secure Anti-virus 5.x ; | ||
| N/A | N/A | F-Secure Anti-virus for MIMEsweeper 5.x ; | ||
| Citrix | N/A | F-Secure Anti-virus for Citrix Servers 5.x ; | ||
| N/A | N/A | F-Secure Internet Gatekeeper for Linux 2.x ; | ||
| ESET | Internet Security | F-Secure Internet Security 2005 ; | ||
| N/A | N/A | F-Secure Anti-virus for Workstation 7.x ; | ||
| ESET | Security | F-Secure Anti-virus Client Security 7.x ; | ||
| N/A | N/A | F-Secure Anti-virus 2006 ; | ||
| N/A | N/A | F-Secure Anti-virus for Workstation 5.x ; | ||
| ESET | Internet Security | F-Secure Internet Security 2007. | ||
| N/A | N/A | F-Secure Anti-virus 2007 ; | ||
| Microsoft | Windows | F-Secure Anti-virus for Windows Servers 5.x ; | ||
| ESET | Security | F-Secure Anti-virus Client Security 6.x ; | ||
| Microsoft | N/A | F-Secure Anti-virus for Microsoft Exchange 6.x | ||
| Microsoft | Windows | F-Secure Anti-virus for Windows Servers 7.x ; |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "F-Secure Anti-virus Linux Client Security 5.x ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-virus for Linux 4.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Internet Security 2006 ;",
"product": {
"name": "Internet Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-virus 2005 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Internet Gatekeeper 6.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-virus Linux Server Security 5.x ;",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-virus 5.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-virus for MIMEsweeper 5.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-virus for Citrix Servers 5.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "F-Secure Internet Gatekeeper for Linux 2.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Internet Security 2005 ;",
"product": {
"name": "Internet Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-virus for Workstation 7.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-virus Client Security 7.x ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-virus 2006 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-virus for Workstation 5.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Internet Security 2007.",
"product": {
"name": "Internet Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-virus 2007 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-virus for Windows Servers 5.x ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "F-Secure Anti-virus Client Security 6.x ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-virus for Microsoft Exchange 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "F-Secure Anti-virus for Windows Servers 7.x ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nTrois vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits anti-virus de\nl\u0027\u00e9diteur F-Secure :\n\n- la premi\u00e8re est due \u00e0 un mauvais traitement des archives au format\n LHA, entrainant un d\u00e9bordement de m\u00e9moire. Cette vuln\u00e9rabilit\u00e9 peut\n \u00eatre exploit\u00e9e via une archive sp\u00e9cialement construite afin\n d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance ;\n- la deuxi\u00e8me est due au mauvais traitement de certaines archives ou\n certains ex\u00e9cutables compress\u00e9s, entrainant une boucle infinie.\n Cette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e via une archive ou un\n ex\u00e9cutable sp\u00e9cialement construit afin de causer un d\u00e9ni de service\n \u00e0 distance de l\u0027antivirus ;\n- la troisi\u00e8me est due \u00e0 une erreur dans le module d\u0027analyse en\n temps-r\u00e9el. Cette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e \u00e0 distance afin\n d\u0027ex\u00e9cuter du code avec des privil\u00e8ges \u00e9lev\u00e9s.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2007-2965",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2965"
},
{
"name": "CVE-2007-2967",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2967"
},
{
"name": "CVE-2007-2966",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2966"
}
],
"initial_release_date": "2007-06-01T00:00:00",
"last_revision_date": "2007-06-01T00:00:00",
"links": [
{
"title": "Site de l\u0027\u00e9diteur :",
"url": "http://www.f-secure.com"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 FSC-2007-2 du 30 mai 2007 :",
"url": "http://www.f-secure.com/security/fsc-2007-2.shtml"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 FSC-2007-4 du 30 mai 2007 :",
"url": "http://www.f-secure.com/security/fsc-2007-4.shtml"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 FSC-2007-3 du 30 mai 2007 :",
"url": "http://www.f-secure.com/security/fsc-2007-3.shtml"
}
],
"reference": "CERTA-2007-AVI-244",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-06-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s touchent les produits anti-virus de\nl\u0027\u00e9diteur F-Secure. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet de\nr\u00e9aliser de nombreuses actions malveillantes, allant du d\u00e9ni de service\n\u00e0 l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s des produits F-Secure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletins de mise \u00e0 jour F-Secure du 30 mai 2007",
"url": null
}
]
}
CERTA-2005-AVI-065
Vulnerability from certfr_avis
Une vulnérabilité présente dans divers produits F-Secure lors du traitement des fichiers compressés au format ARJ permet l'exécution de code arbitraire.
Description
Une vulnérabilité de type débordement de la mémoire tampon a été découverte dans de nombreux produits F-Secure. Cette vulnérabilité permet à un utilisateur mal intentionné de faire exécuter un code arbitraire sur le système vulnérable au moyen d'un fichier compressé au format ARJ malicieusement constitué.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | F-Secure Anti-Virus for Linux Servers version 4.61 et versions précédentes ; | ||
| Citrix | N/A | F-Secure Anti-Virus for Citrix Servers version 5.50 et versions précédentes ; | ||
| Citrix | N/A | F-Secure Anti-Virus for Linux Workstations version 4.52 et versions précédentes ; | ||
| Citrix | N/A | F-Secure Anti-Virus for Linux Gateways version 4.61 et versions précédentes ; | ||
| Citrix | N/A | F-Secure Internet Gatekeeper version 6.41 et versions précédentes ; | ||
| N/A | N/A | F-Secure Personal Express version 5.10 et versions précédentes ; | ||
| ESET | Security | F-Secure Anti-Virus Linux Client Security version 5.01 et versions précédentes ; | ||
| N/A | N/A | F-Secure Anti-Virus for Firewalls version 6.20 et versions précédentes ; | ||
| Microsoft | Windows | F-Secure Anti-Virus for Windows Servers version 5.50 et versions précédentes ; | ||
| N/A | N/A | F-Secure Internet Gatekeeper for Linux version 2.06 et versions précédentes. | ||
| ESET | Server Security | F-Secure Anti-Virus Linux Server Security version 5.01 et versions précédentes ; | ||
| N/A | N/A | F-Secure Anti-Virus for MIMEsweeper version 5.51 et versions précédentes ; | ||
| ESET | Security | F-Secure Anti-Virus Client Security version 5.55 et versions précédentes ; | ||
| N/A | N/A | F-Secure Anti-Virus 2004 et 2005 ; | ||
| Samba | N/A | F-Secure Anti-Virus for Samba Servers version 4.60 et versions précédentes ; | ||
| N/A | N/A | F-Secure Anti-Virus for MS Exchange version 6.31 et versions précédentes ; | ||
| N/A | N/A | F-Secure Anti-Virus for Workstation version 5.43 et versions précédentes ; | ||
| ESET | Internet Security | F-Secure Internet Security 2004 et 2005 ; |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "F-Secure Anti-Virus for Linux Servers version 4.61 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Citrix Servers version 5.50 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Linux Workstations version 4.52 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Linux Gateways version 4.61 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "F-Secure Internet Gatekeeper version 6.41 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "F-Secure Personal Express version 5.10 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus Linux Client Security version 5.01 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Firewalls version 6.20 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Windows Servers version 5.50 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "F-Secure Internet Gatekeeper for Linux version 2.06 et versions pr\u00e9c\u00e9dentes.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus Linux Server Security version 5.01 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for MIMEsweeper version 5.51 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus Client Security version 5.55 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus 2004 et 2005 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Samba Servers version 4.60 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Samba",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for MS Exchange version 6.31 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Workstation version 5.43 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Internet Security 2004 et 2005 ;",
"product": {
"name": "Internet Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de la m\u00e9moire tampon a \u00e9t\u00e9\nd\u00e9couverte dans de nombreux produits F-Secure. Cette vuln\u00e9rabilit\u00e9\npermet \u00e0 un utilisateur mal intentionn\u00e9 de faire ex\u00e9cuter un code\narbitraire sur le syst\u00e8me vuln\u00e9rable au moyen d\u0027un fichier compress\u00e9 au\nformat ARJ malicieusement constitu\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. Documentation).\n",
"cves": [],
"initial_release_date": "2005-02-11T00:00:00",
"last_revision_date": "2005-02-14T00:00:00",
"links": [
{
"title": "Mise \u00e0 jour de s\u00e9curit\u00e9 du paquetage NetBSD fprot-workstation-bin :",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/packages/pkgsrc/security/fprot-workstation-bin/README.html"
},
{
"title": "Site Internet de F-Secure :",
"url": "http://www.f-secure.com"
}
],
"reference": "CERTA-2005-AVI-065",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2005-02-11T00:00:00.000000"
},
{
"description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 NetBSD.",
"revision_date": "2005-02-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans divers produits F-Secure lors du\ntraitement des fichiers compress\u00e9s au format ARJ permet l\u0027ex\u00e9cution de\ncode arbitraire.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits F-Secure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F-Secure FSC-2005-1 du 10 f\u00e9vrier 2005",
"url": "http://www.f-secure.com/security/fsc-2005-1.shtml"
}
]
}
CERTA-2004-AVI-380
Vulnerability from certfr_avis
None
Description
Une vulnérabilité dans le traitement des archives au format ZIP permet à un programme malicieux, contenu à l'intérieur d'une archive au format ZIP habilement constituée, de ne pas être analysé et détecté.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | F-Secure Anti-Virus for Linux Servers version 4.61 et versions précédentes ; | ||
| N/A | N/A | F-Secure Personal Express version 5.00 et versions précédentes ; | ||
| ESET | Security | F-Secure Anti-Virus Linux Client Security version 5.00 et versions précédentes ; | ||
| Samba | N/A | F-Secure Internet Gatekeeper for Linux version 2.06 et versions précédentes. | ||
| N/A | N/A | F-Secure Anti-Virus for Firewalls version 6.20 et versions précédentes ; | ||
| Microsoft | Windows | F-Secure Anti-Virus for Windows Servers version 5.50 et versions précédentes ; | ||
| Samba | N/A | F-Secure Anti-Virus for Linux Workstations version 4.52 et versions précédentes ; | ||
| N/A | N/A | F-Secure Internet Gatekeeper version 6.41 et versions précédentes ; | ||
| ESET | Security | F-Secure Anti-Virus Client Security version 5.55 et versions précédentes ; | ||
| Samba | N/A | F-Secure Anti-Virus for MS Exchange version 6.01 et versions précédentes ; | ||
| Samba | N/A | F-Secure Anti-Virus 2004 et 2005 ; | ||
| ESET | Server Security | F-Secure Anti-Virus Linux Server Security version 5.00 et versions précédentes ; | ||
| Samba | N/A | F-Secure Anti-Virus for Samba Servers version 4.60 et versions précédentes ; | ||
| N/A | N/A | F-Secure Anti-Virus for MIMEsweeper version 5.50 et versions précédentes ; | ||
| N/A | N/A | F-Secure Anti-Virus for MS Exchange version 6.31 et versions précédentes ; | ||
| N/A | N/A | F-Secure Anti-Virus for Workstation version 5.43 et versions précédentes ; | ||
| ESET | Internet Security | F-Secure Internet Security 2004 et 2005 ; | ||
| Samba | N/A | F-Secure Anti-Virus for Linux Gateways version 4.61 et versions précédentes ; |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "F-Secure Anti-Virus for Linux Servers version 4.61 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Personal Express version 5.00 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus Linux Client Security version 5.00 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Internet Gatekeeper for Linux version 2.06 et versions pr\u00e9c\u00e9dentes.",
"product": {
"name": "N/A",
"vendor": {
"name": "Samba",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Firewalls version 6.20 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Windows Servers version 5.50 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Linux Workstations version 4.52 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Samba",
"scada": false
}
}
},
{
"description": "F-Secure Internet Gatekeeper version 6.41 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus Client Security version 5.55 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for MS Exchange version 6.01 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Samba",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus 2004 et 2005 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Samba",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus Linux Server Security version 5.00 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "Server Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Samba Servers version 4.60 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Samba",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for MIMEsweeper version 5.50 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for MS Exchange version 6.31 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Workstation version 5.43 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "F-Secure Internet Security 2004 et 2005 ;",
"product": {
"name": "Internet Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "F-Secure Anti-Virus for Linux Gateways version 4.61 et versions pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Samba",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans le traitement des archives au format ZIP permet \u00e0\nun programme malicieux, contenu \u00e0 l\u0027int\u00e9rieur d\u0027une archive au format\nZIP habilement constitu\u00e9e, de ne pas \u00eatre analys\u00e9 et d\u00e9tect\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. Documentation).\n",
"cves": [],
"initial_release_date": "2004-11-24T00:00:00",
"last_revision_date": "2004-11-24T00:00:00",
"links": [
{
"title": "Site Internet de F-Secure :",
"url": "http://www.f-secure.com"
}
],
"reference": "CERTA-2004-AVI-380",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2004-11-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": null,
"title": "Vuln\u00e9rabilit\u00e9 de l\u0027antivirus F-Secure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F-Secure FSC-2004-3",
"url": "http://www.f-secure.com/security/fsc-2004-3.shtml"
}
]
}