Lucene search
+L

177 matches found

OSV
OSV
added 2023/03/17 11:5 a.m.5 views

OESA-2023-1169 clamav security update

Clam AntiVirus clamav is an open source antivirus engine for detecting trojans, viruses, malware other malicious threats. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line...

9.8CVSS7.8AI score0.29314EPSS
Exploits5References3
OSV
OSV
added 2023/03/01 8:15 a.m.6 views

AZL-13724 CVE-2023-20032 affecting package clamav for versions less than 0.105.2-1

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code...

9.8CVSS8.1AI score0.29314EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2023/03/01 8:0 a.m.1 views

On Feb 15 2023 the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier 0.105.1 and earlier and 0.103.7 and earlier could allow an unauthenticated remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process or else crash the process resulting in a denial of service (DoS) condition. For a description of this vulnerability see the ClamAV blog ["https://blog.clamav.net/"].

...

9.8CVSS8.8AI score0.29314EPSS
Exploits0
OSV
OSV
added 2023/02/27 8:32 a.m.2 views

USN-5887-1 clamav vulnerabilities

Simon Scannell discovered that ClamAV incorrectly handled parsing HFS+ files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or execute arbitrary code. CVE-2023-20032 Simon Scannell discovered that ClamAV incorrectly handled parsing DMG...

9.8CVSS7.2AI score0.29314EPSS
Exploits5References3
The Hacker News
The Hacker News
added 2023/02/17 5:46 a.m.5 views

Critical RCE Vulnerability Discovered in ClamAV Open Source Antivirus Software

Cisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on susceptible devices. Tracked as CVE-2023-20032 CVSS score: 9.8, the issue relates to a case of remote code execution residing in the HFS...

9.8CVSS9AI score0.29314EPSS
Exploits8
SUSE CVE
SUSE CVE
added 2023/02/17 2:5 a.m.1 views

SUSE CVE-2023-20032

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code...

9.8CVSS8AI score0.29314EPSS
Exploits0References7
OSV
OSV
added 2023/02/17 12:0 a.m.4 views

UBUNTU-CVE-2023-20032

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code...

9.8CVSS7.8AI score0.29314EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2023/02/17 12:0 a.m.5 views

The vulnerability of ClamAV’s HFS+ partition analyzer allows a hacker to execute arbitrary code.

The vulnerability of ClamAV’s HFS+ partition analyzer relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.8AI score0.29314EPSS
Exploits0References5Affected Software5
SUSE CVE
SUSE CVE
added 2023/02/15 5:6 a.m.4 views

SUSE CVE-2016-2334

Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image...

7.8CVSS8.3AI score0.14742EPSS
Exploits3References3
Veracode
Veracode
added 2020/04/10 12:30 a.m.26 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS. The vulnerability exists as the code for the HFS and HFS Plus HFS+ file systems failed to properly handle corrupted data structures. This could, potentially, lead to a local denial of service...

7.8CVSS2AI score0.02947EPSS
Exploits1References32Affected Software1
Veracode
Veracode
added 2020/04/10 12:30 a.m.29 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in the HFS Plus HFS+ file system implementation. This could, potentially, lead to a local denial of service when write operations are performed...

7.8CVSS2.1AI score0.03294EPSS
Exploits0References21Affected Software1
Veracode
Veracode
added 2020/04/10 12:30 a.m.28 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS. The vulnerability exists as the code for the HFS and HFS Plus HFS+ file systems failed to properly handle corrupted data structures. This could, potentially, lead to a local denial of service...

7.8CVSS2AI score0.02904EPSS
Exploits0References25Affected Software1
OSV
OSV
added 2019/09/02 9:34 p.m.9 views

USN-4118-1 linux-aws vulnerabilities

It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. CVE-2018-13053 Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track...

10CVSS7.3AI score0.52199EPSS
Exploits50References62
OSV
OSV
added 2019/08/13 4:1 p.m.15 views

USN-4094-1 linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities

It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. CVE-2018-13053 Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track...

9.8CVSS7.5AI score0.52199EPSS
Exploits37References33
OSV
OSV
added 2018/11/14 10:36 p.m.5 views

USN-3821-2 linux-lts-xenial, linux-aws vulnerabilities

USN-3821-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not...

7.1CVSS7.1AI score0.02914EPSS
Exploits3References8
OSV
OSV
added 2018/11/14 10:20 p.m.16 views

USN-3821-1 linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service system crash. CVE-2018-10880 It...

7.1CVSS7.1AI score0.02914EPSS
Exploits3References8
OSV
OSV
added 2016/12/13 10:59 p.m.4 views

DEBIAN-CVE-2016-2334

Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image...

7.8CVSS8.3AI score0.14742EPSS
Exploits3References1
OSV
OSV
added 2016/12/13 10:59 p.m.4 views

UBUNTU-CVE-2016-2334

Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image...

7.8CVSS7.8AI score0.14742EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.30 views

Oracle Linux 5 : kernel (ELSA-2012-1323-1)

From Red Hat Security Advisory 2012:1323 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System...

7.8CVSS6.6AI score0.06158EPSS
Exploits6References5
Tenable Nessus
Tenable Nessus
added 2013/01/24 12:0 a.m.263 views

RHEL 5 : kernel (RHSA-2012:1347)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1347 advisory. - kernel: Buffer overflow in the HFS plus filesystem different issue than CVE-2009-4020 CVE-2012-2319 - kernel: sfc: potential remote denial...

7.8CVSS6.9AI score0.06158EPSS
Exploits3References6
Rows per page
Query Builder