CVSS: 5.0EPSS: 47%CPEs: 48EXPL: 1CVE-2006-5295 – Clam AntiVirus 0.88.4 - CHM Chunk Name Length Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2006-5295
Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location." Vulnerabilidad no especificada en ClamAV anterior a 0.88.5 permite a atacantes remotos provocar una denegación de servicio (caída del servicio de escaneo) mediante un archivo de Ayuda HTML comprimida (CHM) creado artesanalmente que hace que ClamAV lea una posición de memoria inválida. • https://www.exploit-db.com/exploits/2586 http://kolab.org/security/kolab-vendor-notice-13.txt http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=423 http://secunia.com/advisories/22370 http://secunia.com/advisories/22421 http://secunia.com/advisories/22488 http://secunia.com/advisories/22498 http://secunia.com/advisories/22537 http://secunia.com/advisories/22551 http://secunia.com/advisories/22626 http://security.gentoo.org/glsa/glsa-200610-10.xml http:/&# •
CVSS: 7.5EPSS: 87%CPEs: 19EXPL: 3CVE-2006-4018 – Clam Anti-Virus ClamAV 0.88.x - UPX Compressed PE File Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-4018
Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values. Desbordamiento de búfer basado en montón en la función pefromupx en libclamav/upx.c en Clam AntiVirus (ClamAV) 0.81 hasta 0.88.3 permite a atacantes remotos ejecutar código de su elección mediante un archivo empaquetado UPX manipulado que contiene secciones con valores grandes de rsize. • https://www.exploit-db.com/exploits/28348 http://kolab.org/security/kolab-vendor-notice-10.txt http://secunia.com/advisories/21368 http://secunia.com/advisories/21374 http://secunia.com/advisories/21433 http://secunia.com/advisories/21443 http://secunia.com/advisories/21457 http://secunia.com/advisories/21497 http://secunia.com/advisories/21562 http://security.gentoo.org/glsa/glsa-200608-13.xml http://securitytracker.com/id?1016645 http://www.clamav.net/security/0.88&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2006-2427
https://notcve.org/view.php?id=CVE-2006-2427
freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file. • http://secunia.com/advisories/20085 http://securityreason.com/securityalert/912 http://securitytracker.com/id?1016086 http://www.digitalmunition.com/DMA%5B2006-0514a%5D.txt http://www.securityfocus.com/archive/1/434008/100/0/threaded http://www.vupen.com/english/advisories/2006/1807 https://exchange.xforce.ibmcloud.com/vulnerabilities/26453 •
CVSS: 5.1EPSS: 6%CPEs: 2EXPL: 2CVE-2006-1989
https://notcve.org/view.php?id=CVE-2006-1989
Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers. • http://kolab.org/security/kolab-vendor-notice-09.txt http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html http://secunia.com/advisories/19874 http://secunia.com/advisories/19880 http://secunia.com/advisories/19912 http://secunia.com/advisories/19963 http://secunia.com/advisories/19964 http://secunia.com/advisories/20117 http://secunia.com/advisories/20159 http://secunia.com/advisories/ •
CVSS: 5.0EPSS: 21%CPEs: 30EXPL: 0CVE-2006-1630
https://notcve.org/view.php?id=CVE-2006-1630
The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access." • http://lists.apple.com/archives/security-announce/2006/May/msg00003.html http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html http://secunia.com/advisories/19534 http://secunia.com/advisories/19536 http://secunia.com/advisories/19564 http://secunia.com/advisories/19567 http://secunia.com/advisories/19570 http://secunia.com/advisories/19608 http://secunia.com/advisories/20077 http://secunia.com/advisories/23719 http://sourceforge.net/project/shownotes.php?release&# •