Page 26 of 138 results (0.018 seconds)

CVSS: 7.5EPSS: 23%CPEs: 3EXPL: 0

Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message. Múltiples desbordamientos de búfer en los procesadores de formato de fichero NEF, CHM y FSG en libclamav for Clam AntiVirus (ClamAV) 0.86.1 y anteriores permite que atacantes remotos ganen privilegios mediante un e-mail amañado. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000987 http://marc.info/?l=bugtraq&m=112230864412932&w=2 http://secunia.com/advisories/16180 http://secunia.com/advisories/16229 http://secunia.com/advisories/16250 http://secunia.com/advisories/16296 http://secunia.com/advisories/16458 http://security.gentoo.org/glsa/glsa-200507-25.xml http://sourceforge.net/project/shownotes.php?release_id=344514 http://www.novell.com/linux/security/advisories/2005_18_sr.html http&# •

CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0

The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 allows remote attackers to cause a denial of service (file descriptor and memory consumption) via a crafted file that causes repeated errors in the cli_msexpand function. • http://sourceforge.net/project/shownotes.php?release_id=336462 http://www.debian.org/security/2005/dsa-737 http://www.idefense.com/application/poi/display?id=276&type=vulnerabilities&flashstatus=true •

CVSS: 2.6EPSS: 0%CPEs: 5EXPL: 0

The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read. • http://www.debian.org/security/2005/dsa-737 http://www.idefense.com/application/poi/display?id=275&type=vulnerabilities •

CVSS: 2.6EPSS: 2%CPEs: 3EXPL: 0

The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.86.1 allows remote attackers to cause a denial of service (application crash) via a crafted Quantum archive. • http://secunia.com/advisories/15811 http://sourceforge.net/project/shownotes.php?release_id=337279 http://www.debian.org/security/2005/dsa-737 http://www.gentoo.org/security/en/glsa/glsa-200506-23.xml http://www.novell.com/linux/security/advisories/2005_38_clamav.html http://www.securityfocus.com/bid/14058 •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 1

Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 to 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter in a view or ViewTerm action to index.php. • https://www.exploit-db.com/exploits/25740 http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/034354.html http://www.securityfocus.com/bid/13796 •