168 matches found
Debian: Security Advisory (DLA-3328-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 36 : clamav (2023-3ba365d538)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3ba365d538 advisory. - Fix daily.cvd file - Split out documentation into separate -doc sub-package - 2128276 Please port your pcre dependency to pcre2 - Explicit...
SUSE SLES12 Security Update : clamav (SUSE-SU-2023:0453-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0453-1 advisory. - CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser bsc1208363. - CVE-2023-20052: Fixed ...
Information Disclosure
clamav is vulnerable to Information Disclosure. A vulnerability in the DMG file parser could allow an unauthenticated, remote attacker to access sensitive information on an affected device...
CVE-2023-20052
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on a...
UBUNTU-CVE-2023-20052
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on a...
CVE-2023-20052
CVE-2023-20052 affects ClamAV DMG file parser in versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. An unauthenticated attacker could exploit XML external entity substitution to cause an information leak by submitting a crafted DMG file to be scanned, potentially leaking by...
CVE-2023-20052
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on a...
CVE-2023-20052
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on a...
CVE-2023-20052
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on a...
FreeBSD : clamav -- Multiple vulnerabilities (fd792048-ad91-11ed-a879-080027f5fec9)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the fd792048-ad91-11ed-a879-080027f5fec9 advisory. - On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A...
ClamAV DMG File Parsing XML Entity Expansion Vulnerability Affecting Cisco Products: February 2023
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on a...
SUSE CVE-2014-0145
Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service crash or possibly execute arbitrary code via a large 1 L1 table in the qcow2snapshotloadtmp in the QCOW 2 block driver block/qcow2-snapshot.c or 2 uncompressed chunk, 3 chunk length...
clamav -- Multiple vulnerabilities
Simon Scannell reports: CVE-2023-20032 Fixed a possible remote code execution vulnerability in the HFS+ file parser. CVE-2023-20052 Fixed a possible remote information leak vulnerability in the DMG file parser...
CVE-2022-32905
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges...
Code injection
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges...
CVE-2022-32905
CVE-2022-32905 affects macOS Ventura 13. It allows arbitrary code execution with system privileges when processing a maliciously crafted DMG file, due to insufficient validation of symlinks. The issue is fixed in macOS Ventura 13 via improved symlink validation; mitigation is to update to Ventura...
CVE-2022-32905
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges...
Researchers Uncover New Variants of the ChromeLoader Browser Hijacking Malware
Cybersecurity researchers have uncovered new variants of the ChromeLoader information-stealing malware, highlighting its evolving feature set in a short span of time. Primarily used for hijacking victims' browser searches and presenting advertisements, ChromeLoader came to light in January 2022 a...
ChromeLoader Browser Hijacker Provides Gateway to Bigger Threats
ChromeLoader may seem on the surface like a run-of-the-mill browser hijacker that merely redirects victims to advertisement websites. However, its use of PowerShell could pose a greater risk by leading to further and advanced malicious activity, such as the propagation of ransomware or spyware or...