38 matches found
EUVD-2021-9042
Malicious code in bioql PyPI...
EUVD-2023-24231
Malicious code in bioql PyPI...
CVE-2022-32905
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges...
CVE-2021-21871
A memory corruption vulnerability exists in the DMG File Format Handler functionality of PowerISO 7.9. A specially crafted DMG file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. The vendor fixed it in a bug-release of the current versi...
Apple's New macOS Sequoia Tightens Gatekeeper Controls to Block Unauthorized Software
Apple on Tuesday announced an update to its next-generation macOS version that makes it a little more difficult for users to override Gatekeeper protections. Gatekeeper is a crucial line of defense built into macOS designed to ensure that only trusted apps run on the operating system. When an app...
QNAP QTS / QuTS hero Multiple Vulnerabilities in ClamAV (QSA-23-26)
The version of QNAP QTS / QuTS hero installed on the remote host is affected by multiple vulnerabilities as referenced in the QSA-23-26 advisory. - A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7and earlier could allow an...
New MacStealer macOS Malware Steals iCloud Keychain Data and Passwords
A new information-stealing malware has set its sights on Apple's macOS operating system to siphon sensitive information from compromised devices. Dubbed MacStealer, it's the latest example of a threat that uses Telegram as a command-and-control C2 platform to exfiltrate data. It primarily affects...
Amazon Linux 2023 : clamav, clamav-data, clamav-devel (ALAS2023-2023-112)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-112 advisory. Possible remote code execution vulnerability in the ClamAV HFS+ file parser. The issue affects ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. CVE-2023-20032 A...
CBL Mariner 2.0 Security Update: clamav (CVE-2023-20052)
The version of clamav installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-20052 advisory. - On February 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A...
ClamAV < 0.103.8 / 0.104.x < 0.105.2 / 1.0.0 Multiple Vulnerabilities
According to its version, the ClamAV clamd antivirus daemon running on the remote host is prior to 0.103.8, 0.104.x prior to 0.105.2, or 1.0.0. It is, therefore, affected by multiple vulnerabilities: - A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1...
CVE-2023-20052
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on a...
Xxe
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on a...
On Feb 15 2023 the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier 0.105.1 and earlier and 0.103.7 and earlier could allow an unauthenticated remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.
...
SUSE-SU-2023:0471-1 Security update for clamav
This update for clamav fixes the following issues: - CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser bsc1208363. - CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser bsc1208365...
Fedora 36 : clamav (2023-3ba365d538)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3ba365d538 advisory. - Fix daily.cvd file - Split out documentation into separate -doc sub-package - 2128276 Please port your pcre dependency to pcre2 - Explicit...
SUSE SLES12 Security Update : clamav (SUSE-SU-2023:0453-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0453-1 advisory. - On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition...
Information Disclosure
clamav is vulnerable to Information Disclosure. A vulnerability in the DMG file parser could allow an unauthenticated, remote attacker to access sensitive information on an affected device...
CVE-2023-20052
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on a...
CVE-2023-20052
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on a...
CVE-2023-20052
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on a...