DataEase 安全漏洞

DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in their businesses. DataEase versions 2.10.19 and earlier contain security...

EUVD-2007-2964

Malware in sbrugna...

EUVD-2008-5650

Malware in sbrugna...

Adobe Digital Editions < 4.5.5 Multiple Vulnerabilities (APSB17-20)

The version of Adobe Digital Editions installed on the remote Windows host is prior to 4.5.5. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB17-20 advisory. - Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The...

Subparse - Modular Malware Analysis Artifact Collection And Correlation Framework

Subparse, is a modular framework developed by Josh Strochein, Aaron Baker, and Odin Bernstein. The framework is designed to parse and index malware files and present the information found during the parsing in a searchable web-viewer. The framework is modular, making use of a core parsing engine,...

expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution

A flaw was found in expat. Passing one or more namespace separator characters in the "xmlns:prefix" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML...

Antaris RazorEngine has an unspecified vulnerability

Antaris RazorEngine is an open source templating engine based on Microsoft's Razor parsing engine from Matthew Abbott, a personal developer in the U.K. Antaris RazorEngine contains a security vulnerability that could be exploited by attackers to execute arbitrary .NET code in a sandboxed...

F-Secure AV parsing engine 安全漏洞

F-secure F-Secure AV parsing engine is an antivirus reconnaissance engine from the Finnish company F-Secure F-Secure. A security vulnerability exists in the F-Secure antivirus engine, which can be exploited to cause a denial of service by an attacker to decompress UPX files...

Multiple Quick Heal Products Input Validation Error Vulnerability

Quick Heal Total Security, Home Security and Total Security Multi-Device are antivirus programs from Quick Heal India. A security vulnerability exists in the AV parsing engine in several Quick Heal products. The vulnerability can be exploited by attackers to bypass virus checks with the help of...

Multiple ESET products ESET AV parsing engine input validation error vulnerability

ESET Smart Security Premium and others are products of ESET Slovakia.Smart Security Premium is a suite of antivirus programs.Internet Security is a suite of antivirus programs for Internet security.NOD32 Antivirus is a suite of antivirus programs.ESET AV The parsing engine is one of the parsing...

CVE-2020-10180

The CVE-2020-10180 issue concerns the ESET AV parsing engine where a crafted BZ2 Checksum field in an archive bypasses virus detection. Affected products and versions include Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Sec...

Design/Logic Flaw

The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive. This affects versions before 12 definitions 200114-0 of Antivirus Pro, Antivirus Pro Plus, and Antivirus for Linux...

CVE-2020-9362

The Quick Heal AV parsing engine November 2019 allows virus-detection bypass via a crafted GPFLAG in a ZIP archive. This affects Total Security, Home Security, Total Security Multi-Device, Internet Security, Total Security for Mac, AntiVirus Pro, AntiVirus for Server, and Total Security for Andro...

CVE-2020-9363

The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protecti...

CVE-2020-9362

The Quick Heal AV parsing engine November 2019 allows virus-detection bypass via a crafted GPFLAG in a ZIP archive. This affects Total Security, Home Security, Total Security Multi-Device, Internet Security, Total Security for Mac, AntiVirus Pro, AntiVirus for Server, and Total Security for Andro...

CVE-2020-9363

The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protecti...

Design/Logic Flaw

The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protecti...

CVE-2020-9363

The CVE entry CVE-2020-9363 concerns the Sophos AV parsing engine prior to 2020-01-14, where a crafted ZIP archive can bypass virus detection. Affected products include Sophos Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. The under...

CVE-2020-9342

Summary: CVE-2020-9342 affects the F-Secure AV parsing engine prior to 2020-02-05, enabling a virus-detection bypass via crafted Compression Method data in a GZIP archive. Affected products/versions include Cloud Protection For Salesforce, Email and Server Security, and Internet GateKeeper on Lin...

CVE-2019-15276

A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially...