Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
Clam Anti-virusClamav

18 matches found

CVE
CVEadded 2007/06/07 9:30 p.m.263 views

CVE-2007-3023

unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors.

10CVSS6.2AI score0.01516EPSS
CVE
CVEadded 2007/06/07 10:30 p.m.251 views

CVE-2007-3024

libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files.

2.1CVSS5.8AI score0.00056EPSS
CVE
CVEadded 2007/06/07 9:30 p.m.248 views

CVE-2007-3122

The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR.

5CVSS6.2AI score0.00976EPSS
CVE
CVEadded 2007/06/07 9:30 p.m.244 views

CVE-2007-3123

unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow.

5CVSS6.3AI score0.02712EPSS
CVE
CVEadded 2007/06/07 10:30 p.m.233 views

CVE-2007-3025

Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions.

5CVSS6.5AI score0.00584EPSS
CVE
CVEadded 2007/08/28 1:17 a.m.75 views

CVE-2007-4560

clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."

7.6CVSS9.7AI score0.91095EPSS
CVE
CVEadded 2007/12/20 1:46 a.m.66 views

CVE-2007-6335

Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow.

7.5CVSS9.7AI score0.39002EPSS
CVE
CVEadded 2007/12/20 1:46 a.m.58 views

CVE-2007-6336

Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file.

6.8CVSS9.4AI score0.08285EPSS
CVE
CVEadded 2007/08/23 7:17 p.m.57 views

CVE-2007-4510

ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML documen...

4.3CVSS8.9AI score0.02744EPSS
CVE
CVEadded 2007/12/31 7:46 p.m.56 views

CVE-2007-6595

ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled.

2.1CVSS5.9AI score0.00047EPSS
CVE
CVEadded 2007/04/16 9:19 p.m.53 views

CVE-2007-1997

Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-b...

7.5CVSS9.5AI score0.11454EPSS
CVE
CVEadded 2007/04/16 9:19 p.m.52 views

CVE-2007-1745

The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third pa...

7.1CVSS7.4AI score0.05072EPSS
CVE
CVEadded 2007/12/31 7:46 p.m.49 views

CVE-2007-6596

ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file.

5CVSS6.3AI score0.0031EPSS
CVE
CVEadded 2007/02/16 7:28 p.m.48 views

CVE-2007-0898

Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message.

6.4CVSS7.4AI score0.0124EPSS
CVE
CVEadded 2007/12/31 7:46 p.m.48 views

CVE-2007-6337

Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors.

10CVSS9.3AI score0.02522EPSS
CVE
CVEadded 2007/04/30 10:19 p.m.47 views

CVE-2007-2029

File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file.

7.8CVSS6AI score0.01166EPSS
CVE
CVEadded 2007/07/12 4:30 p.m.47 views

CVE-2007-3725

The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.

4.3CVSS8.8AI score0.19066EPSS
CVE
CVEadded 2007/11/20 2:46 a.m.38 views

CVE-2007-6029

Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable a...

7.5CVSS7.4AI score0.01704EPSS