963 matches found
CVE-2020-37167
ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...
CVE-2020-37167
ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...
UBUNTU-CVE-2020-37167
ClamAV ClamBC bytecode interpreter contains a vulnerability in function name processing that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious bytecode or cause unexpected behavior in...
CVE-2020-37167
ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...
CVE-2020-37167 ClamAV ClamBC < 0.103.0-rc - 'ClamBC' Executable Regular Expression Error
ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...
CVE-2020-37167 ClamAV ClamBC < 0.103.0-rc - 'ClamBC' Executable Regular Expression Error
ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...
CVE-2020-37167
ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...
CVE-2020-37167
CVE-2020-37167 affects the ClamAV ClamBC bytecode interpreter, specifically the function name processing. The vulnerability arises from weak input validation in function name encoding, enabling manipulation of bytecode function names which could lead to execution of malicious bytecode or other un...
Cisco ClamAV ClamBC 代码注入漏洞
Cisco ClamAV ClamBC is a bytecode signature system developed by Cisco, Inc. Cisco ClamAV ClamBC has a code injection vulnerability, which stems from weak input validation in the handling of function names. This vulnerability could allow attackers to execute malicious bytecode or cause unexpected...
Uncovering Hidden Inclusions of Vulnerable Dependencies in Real-World Java Projects
Open-source software OSS dependencies are a dominant component of modern software code bases. Using proven and well-tested OSS components lets developers reduce development time and cost while improving quality. However, heavy reliance on open-source software also introduces significant security...
Ubuntu: Security Advisory (USN-7969-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Dungeon Crawl Stone Stoup vulnerability (USN-7969-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7969-1 advisory. David Mendenhall discovered that Dungeon Crawl Stone Soup was incorrectly handling Lua bytecode embedded in an uploaded .crawlrc file. An...
MiracleLinux 9 : java-11-openjdk-11.0.22.0.7-2.el9.ML.1 (AXSA:2024-7450:05)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7450:05 advisory. OpenJDK: array out-of-bounds access due to missing range check in C1 compiler 8314468 CVE-2024-20918 OpenJDK: RSA padding issue and timing...
MiracleLinux 7 : bcel-5.2-19.0.1.el7.AXS7 (AXSA:2022-4486:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-4486:01 advisory. Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing CVE-2022-42920 Tenable has extracted the preceding description block directly from...
MiracleLinux 8 : java-1.8.0-openjdk-1.8.0.402.b06-2.el8 (AXSA:2024-7448:05)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7448:05 advisory. OpenJDK: array out-of-bounds access due to missing range check in C1 compiler 8314468 CVE-2024-20918 OpenJDK: RSA padding issue and timing...
MiracleLinux 7 : java-1.8.0-openjdk-1.8.0.402.b06-1.el7 (AXSA:2024-7425:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7425:01 advisory. OpenJDK: array out-of-bounds access due to missing range check in C1 compiler 8314468 CVE-2024-20918 OpenJDK: RSA padding issue and timing...
USN-7969-1 crawl vulnerability
David Mendenhall discovered that Dungeon Crawl Stone Soup was incorrectly handling Lua bytecode embedded in an uploaded .crawlrc file. An attacker could possibly use this issue to execute arbitrary code...
USN-7969-1: Dungeon Crawl Stone Stoup vulnerability
David Mendenhall discovered that Dungeon Crawl Stone Soup was incorrectly handling Lua bytecode embedded in an uploaded .crawlrc file. An attacker could possibly use this issue to execute arbitrary code...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001407)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001407 advisory. arch/mips/net/bpfjit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of...
CVE-2024-34250
A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause at least a denial of service via the "wasmloadercheckbr" function in core/iwasm/interpreter/wasmloader.c...