CVSS: 9.8EPSS: 4%CPEs: 6EXPL: 0CVE-2013-7087
https://notcve.org/view.php?id=CVE-2013-7087
ClamAV before 0.97.7 has WWPack corrupt heap memory ClamAV versiones anteriores a la versión 0.97.7, tiene una memoria de la pila corrupta de WWPack. • http://security.gentoo.org/glsa/glsa-201405-08.xml http://www.openwall.com/lists/oss-security/2013/12/13/1 http://www.securityfocus.com/bid/58546 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7087 https://security-tracker.debian.org/tracker/CVE-2013-7087 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2013-7089
https://notcve.org/view.php?id=CVE-2013-7089
ClamAV before 0.97.7: dbg_printhex possible information leak ClamAV versiones anteriores a la versión 0.97.7: posible fuga de información de la función dbg_printhex. • http://security.gentoo.org/glsa/glsa-201405-08.xml http://www.openwall.com/lists/oss-security/2013/12/13/1 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7089 https://security-tracker.debian.org/tracker/CVE-2013-7089 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 4%CPEs: 6EXPL: 0CVE-2013-7088
https://notcve.org/view.php?id=CVE-2013-7088
ClamAV before 0.97.7 has buffer overflow in the libclamav component ClamAV versiones anteriores a la versión 0.97.7, tiene un desbordamiento de búfer en el componente libclamav. • http://security.gentoo.org/glsa/glsa-201405-08.xml http://www.openwall.com/lists/oss-security/2013/12/13/1 http://www.securityfocus.com/bid/58546 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7088 https://security-tracker.debian.org/tracker/CVE-2013-7088 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.0EPSS: 13%CPEs: 60EXPL: 0CVE-2013-2020
https://notcve.org/view.php?id=CVE-2013-2020
Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read. Desbordamiento de entero en la función cli_scanpe en pe.c en ClamAV anterior a v0.97.8 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un desplazamiento mayor que el tamaño de las secciones PE en un paquete ejecutable UPX, que dispara un error de salida de rango en la lectura. • http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109514.html http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109639.html http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109652.html http://lists.fedoraproject.org/pipermail/package-announce&# • CWE-189: Numeric Errors •
CVSS: 4.3EPSS: 2%CPEs: 43EXPL: 0CVE-2011-3627
https://notcve.org/view.php?id=CVE-2011-3627
The bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c. El motor de código de bytes en ClamAV anterior a v0.97.3 permite a atacantes remotos causar una denegación de servicio (caída) a través de vectores relacionados con el "nivel de recursividad" y (1) libclamav / bytecode.c y (2) libclamav / bytecode_api.c. • http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=commitdiff%3Bh=3d664817f6ef833a17414a4ecea42004c35cc42f http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068940.html http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068941.html http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068942.html http://secunia.com/advisories/46717 http://secunia.com/advisories/46826 http://www.openwall.com/lists/oss-security/2011/10/18/1 http://www.securityfocus.com& • CWE-189: Numeric Errors •