177 matches found
OESA-2023-1169 clamav security update
Clam AntiVirus clamav is an open source antivirus engine for detecting trojans, viruses, malware other malicious threats. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line...
AZL-13724 CVE-2023-20032 affecting package clamav for versions less than 0.105.2-1
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code...
On Feb 15 2023 the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier 0.105.1 and earlier and 0.103.7 and earlier could allow an unauthenticated remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process or else crash the process resulting in a denial of service (DoS) condition. For a description of this vulnerability see the ClamAV blog ["https://blog.clamav.net/"].
...
USN-5887-1 clamav vulnerabilities
Simon Scannell discovered that ClamAV incorrectly handled parsing HFS+ files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or execute arbitrary code. CVE-2023-20032 Simon Scannell discovered that ClamAV incorrectly handled parsing DMG...
Critical RCE Vulnerability Discovered in ClamAV Open Source Antivirus Software
Cisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on susceptible devices. Tracked as CVE-2023-20032 CVSS score: 9.8, the issue relates to a case of remote code execution residing in the HFS...
SUSE CVE-2023-20032
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code...
UBUNTU-CVE-2023-20032
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code...
The vulnerability of ClamAV’s HFS+ partition analyzer allows a hacker to execute arbitrary code.
The vulnerability of ClamAV’s HFS+ partition analyzer relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
SUSE CVE-2016-2334
Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image...
Denial Of Service (DoS)
kernel is vulnerable to denial of service DoS. The vulnerability exists as the code for the HFS and HFS Plus HFS+ file systems failed to properly handle corrupted data structures. This could, potentially, lead to a local denial of service...
Denial Of Service (DoS)
kernel is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in the HFS Plus HFS+ file system implementation. This could, potentially, lead to a local denial of service when write operations are performed...
Denial Of Service (DoS)
kernel is vulnerable to denial of service DoS. The vulnerability exists as the code for the HFS and HFS Plus HFS+ file systems failed to properly handle corrupted data structures. This could, potentially, lead to a local denial of service...
USN-4118-1 linux-aws vulnerabilities
It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. CVE-2018-13053 Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track...
USN-4094-1 linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. CVE-2018-13053 Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track...
USN-3821-2 linux-lts-xenial, linux-aws vulnerabilities
USN-3821-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not...
USN-3821-1 linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service system crash. CVE-2018-10880 It...
DEBIAN-CVE-2016-2334
Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image...
UBUNTU-CVE-2016-2334
Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image...
Oracle Linux 5 : kernel (ELSA-2012-1323-1)
From Red Hat Security Advisory 2012:1323 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System...
RHEL 5 : kernel (RHSA-2012:1347)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1347 advisory. - kernel: Buffer overflow in the HFS plus filesystem different issue than CVE-2009-4020 CVE-2012-2319 - kernel: sfc: potential remote denial...