DEBIAN-CVE-2022-20698

A vulnerability in the OOXML parsing module in Clam AntiVirus ClamAV Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that m...

FreeBSD : clamav -- invalid pointer read that may cause a crash (2a6106c6-73e5-11ec-8fa2-0800270512f4)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2a6106c6-73e5-11ec-8fa2-0800270512f4 advisory. - A vulnerability in the OOXML parsing module in Clam AntiVirus ClamAV Software version 0.104.1 and LTS...

clamav -- invalid pointer read that may cause a crash

Laurent Delosieres reports: Fix for invalid pointer read that may cause a crash. This issue affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the CLSCANGENERALCOLLECTMETADATA scan option the clamscan --gen-json option is enabled...

Backdoor.Win32.Agent.cy Denial Of Service / Null Pointer

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e85a1028a52fcc723353a236ada54feeC.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.cy Vulnerability: Denial of Service Description: The malware listens on TCP po...

CVE-2021-1405 Clam AntiVirus (ClamAV) PDF Parser Denial of Service Vulnerability

A vulnerability in the email parsing module in Clam AntiVirus ClamAV Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may...

CVE-2021-1405

A vulnerability in the email parsing module in Clam AntiVirus ClamAV Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may...

CVE-2021-1405 Clam AntiVirus (ClamAV) PDF Parser Denial of Service Vulnerability

A vulnerability in the email parsing module in Clam AntiVirus ClamAV Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may...

Trojan-Proxy.Win32.Daemonize.i Denial Of Service

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/61bec9f22a5955e076e0d5ddf6232f3f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Proxy.Win32.Daemonize.i Vulnerability: Remote Denial of Service Description: Daemonize.i...

The vulnerability of the gostsum check tool arises from buffer overflows during the processing of command-line parameters, allowing a malicious actor to cause a service failure.

The vulnerability of the gostsum checksum verification tool arises due to buffer overflows during the processing of command-line parameters. Exploiting this vulnerability can allow an attacker to cause a service failure in the application by entering a specially crafted sequence of data in the...

Foxit PhantomPDF < 7.3.13 Multiple Vulnerabilities

According to its version, the Foxit PhantomPDF application formally known as Phantom installed on the remote Windows host is prior to 7.3.13. It is, therefore, affected by multiple vulnerabilities: - Unauthorized javascript execution when disabled. - Arbitrary Write supporting remote code...

Remote Code Execution (RCE)

Microsoft.ChakraCore is vulnerable to remote code execution RCE. The library does not merge block data properly for loops, leading to an invalid pointer read that can crash the application or cause arbitrary code to be executed...

AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass Exploit

Exploit for hardware platform in category dos / poc / ======== Intro / Overview ======== After Michael Schwarz made some interesting observations, we started looking into variants other than the three already-known ones. I noticed that Intel's Optimization Manual says in section 2.4.4.5 "Memory...

Updated upx package fixes security vulnerability

plxelf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack CVE-2017-15056...

UBUNTU-CVE-2017-15056

plxelf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack...

DEBIAN-CVE-2017-15056

plxelf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack...

CVE-2017-15056

plxelf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack...

CVE-2017-15056

CVE-2017-15056 affects UPX 3.94 for Linux; the root cause is in p_lx_elf.cpp, where ELF headers are mishandled, enabling a crafted binary to cause a denial of service (application crash) via an Invalid Pointer Read in PackLinuxElf64::unpack(). Open-source advisories from Mageia, Fedora and openSU...

Microsoft Windows Kernel - DrawMenuBarTemp Wild-Write (MS16-039)

Microsoft Windows Kernel - DrawMenuBarTemp Wild-Write MS16-039 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=707 The attached testcases crashes Windows 7 64-bit while attempting to write to an unmapped memory region. On 32-bit Windows 7 it triggers a null pointer read. Proof o...

Apple Mac OSX - Kernel Code Execution Due to Lack of Bounds Checking in AppleUSBPipe::Abort

Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=728 External Method 36 of IOUSBInterfaceUserClient is AbortStreamPipe. It takes two scalar inputs and uses the second one as an array index to read a pointer to a C++ object withou...

MIT krb5 lib/gssapi/krb5/iakerb.c denial of service vulnerability

Kerberos is a widely used, super-strong encryption to authenticate client-side and server-side network protocols. A denial of service vulnerability exists in MIT krb5 lib/gssapi/krb5/iakerb.c. A remote attacker can exploit this vulnerability via a constructed IAKERB message to cause a pointer rea...