Page 19 of 143 results (0.011 seconds)

CVSS: 10.0EPSS: 1%CPEs: 90EXPL: 0

The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption." La función unmew11 en el archivo libclamav/mew.c en libclamav en ClamAV versiones anteriores a 0.92.1, presenta un impacto desconocido y vectores de ataque que desencadenan "heap corruption". • http://bugs.gentoo.org/show_bug.cgi?id=209915 http://docs.info.apple.com/article.html?artnum=307562 http://kolab.org/security/kolab-vendor-notice-19.txt http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html http://secunia.com/advisories/28907 http://secunia.com/advisories/29001 http://secunia.com/advisories/29026 http://secunia.com/advisories/29048 http://secunia.com/advisories/29060 h • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 8%CPEs: 1EXPL: 0

ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file. ClamAV 0.92 no reconoce archivos codificados en Base64 UUEncode, lo cual permite a atacantes remotos evitar el escáner mediante un archivo codificado en Base64-UUEncode. • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html http://secunia.com/advisories/29891 http://securityreason.com/securityalert/3501 http://www.securityfocus.com/archive/1/485631/100/0/threaded http://www.securityfocus.com/bid/27064 http://www.securitytracker.com/id?1019148 https://exchange.xforce.ibmcloud.com/vulnerabilities/39337 • CWE-20: Improper Input Validation •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled. ClamAV versión 0.92, permite a los usuarios locales sobrescribir archivos arbitrarios por medio de un ataque de tipo symlink en (1) archivos temporales usados por la función cli_gentempfd en el archivo libclamav/others.c o en (2) archivos .ascii usados por sigtool, cuando utf16-decode está habilitado. • http://kolab.org/security/kolab-vendor-notice-19.txt http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html http://secunia.com/advisories/28949 http://secunia.com/advisories/29891 http://secunia.com/advisories/31437 http://security.gentoo.org/glsa/glsa-200808-07.xml http://securityreason.com/securityalert/3501 http://securitytracker.com/id?1019148 http://www.debian.org/security/2008/dsa-1497 http://www.mandriva.com/security/advisories?name=MDVSA-2008:088 http:&#x • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 0

Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors. Vulnerabilidad no especificada en el algoritmo de descompresión bzip2 en nsis/bzlib_private.h de ClamAV anterior a 0.92 tiene impacto y vectores de ataque remotos desconocidos. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html http://osvdb.org/42293 http://secunia.com/advisories/28153 http://secunia.com/advisories/28278 http://secunia.com/advisories/28412 http://secunia.com/advisories/28421 http://secunia.com/advisories/28587 http://secunia.com/advisories/29420 http://security.gentoo.org/glsa/glsa-2007 •

CVSS: 6.8EPSS: 24%CPEs: 1EXPL: 0

Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file. Un error por un paso en ClamAV versiones anteriores a 0.92, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo CAB comprimido especialmente diseñado de MS-ZIP. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html http://secunia.com/advisories/28153 http://secunia.com/advisories/28176 http://secunia.com/advisories/28278 http://secunia.com/advisories/28412 http://secunia.com/advisories/28421 http://secunia.com/advisories/28587 http://secunia.com/advisories/29420 http://security.gentoo.org/glsa& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •