24 matches found
EUVD-2004-1869
Malware in sbrugna...
EUVD-2024-18043
Malicious code in bioql PyPI...
CBL Mariner 2.0 Security Update: clamav (CVE-2024-20328)
The version of clamav installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-20328 advisory. - A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary command...
ClamAV VirusEvent File Processing Command Injection Vulnerability
...
DEBIAN-CVE-2024-20328
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file nam...
CVE-2024-20328
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file nam...
CVE-2024-20328
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file nam...
AZL-35431 CVE-2024-20328 affecting package clamav for versions less than 1.0.6-1
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file nam...
Design/Logic Flaw
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file nam...
CVE-2024-20328 ClamAV VirusEvent File Processing Command Injection Vulnerability
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file nam...
CVE-2024-20328 ClamAV VirusEvent File Processing Command Injection Vulnerability
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file nam...
CVE-2024-20328
CVE-2024-20328 affects the ClamAV VirusEvent feature, where unsafe handling of file names can allow a local attacker to inject and execute arbitrary commands with the privileges of the application service account (local vector, low complexity). The root cause is command-line sequence processing s...
CVE-2024-20328
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file nam...
Updated clamav packages fix security vulnerabilities
The updated packages fix security vulnerabilities: A possible heap overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition (CVE-2024-20290). A possible command injection vulnerability in the "VirusEvent" feature of ClamAV's ClamD service (CVE-2024-20328)...
Arbitrary Command Injection
clamav is vulnerable to Arbitrary Command Injection. The vulnerability is due to unsafe handling of file names within the VirusEvent feature of ClamAV and the application fails to properly sanitize file names provided to this feature, allowing for the injection of arbitrary command-line sequences...
SUSE CVE-2024-20328
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file nam...
CVE-2024-20328
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file nam...
PT-2024-1939
Name of the Vulnerable Software and Affected Versions: ClamAV (affected versions not specified). Description: A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The vulnerability is due t...
Gentoo Security Advisory GLSA 200405-03 (ClamAV)
The remote host is missing updates announced in advisory GLSA 200405-03. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ...
CVE-2004-1876
The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon clamd before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name...