Total
62 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0946 | 1 Clam Anti-virus | 1 Clamav | 2016-10-17 | 7.5 HIGH | N/A |
Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 through 0.60p, and other versions before 0.65, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the email address argument of a "MAIL FROM" command. | |||||
CVE-2005-1795 | 1 Clam Anti-virus | 1 Clamav | 2016-05-25 | 7.5 HIGH | N/A |
The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked. | |||||
CVE-2007-3023 | 1 Clam Anti-virus | 1 Clamav | 2012-10-30 | 10.0 HIGH | N/A |
unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors. | |||||
CVE-2008-1389 | 1 Clam Anti-virus | 1 Clamav | 2011-03-07 | 5.0 MEDIUM | N/A |
libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access." | |||||
CVE-2007-6337 | 2 Clam Anti-virus, Gentoo | 2 Clamav, Linux | 2011-03-07 | 10.0 HIGH | N/A |
Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors. | |||||
CVE-2006-6481 | 1 Clam Anti-virus | 1 Clamav | 2011-03-07 | 5.0 MEDIUM | N/A |
Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406. | |||||
CVE-2005-3500 | 1 Clam Anti-virus | 1 Clamav | 2011-03-07 | 5.0 MEDIUM | N/A |
The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the same block. | |||||
CVE-2005-3303 | 1 Clam Anti-virus | 1 Clamav | 2011-03-07 | 7.5 HIGH | N/A |
The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause "memory corruption" and execute arbitrary code via a crafted FSG 1.33 file. | |||||
CVE-2008-0318 | 1 Clam Anti-virus | 1 Clamav | 2011-03-06 | 10.0 HIGH | N/A |
Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow. | |||||
CVE-2006-5874 | 1 Clam Anti-virus | 1 Clamav | 2010-09-14 | 5.0 MEDIUM | N/A |
Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference. | |||||
CVE-2005-3587 | 1 Clam Anti-virus | 1 Clamav | 2010-04-01 | 10.0 HIGH | N/A |
Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before 0.87.1 allows attackers to perform unknown attacks via unknown vectors. | |||||
CVE-2005-3239 | 1 Clam Anti-virus | 1 Clamav | 2010-04-01 | 7.8 HIGH | N/A |
The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an invalid property tree, which triggers an infinite recursion in the ole2_walk_property_tree function. | |||||
CVE-2005-2056 | 1 Clam Anti-virus | 1 Clamav | 2008-11-14 | 2.6 LOW | N/A |
The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.86.1 allows remote attackers to cause a denial of service (application crash) via a crafted Quantum archive. | |||||
CVE-2005-1800 | 1 Clam Anti-virus | 1 Clamav | 2008-09-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 to 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter in a view or ViewTerm action to index.php. | |||||
CVE-2005-0133 | 1 Clam Anti-virus | 1 Clamav | 2008-09-10 | 5.0 MEDIUM | N/A |
ClamAV 0.80 and earlier allows remote attackers to cause a denial of service (clamd daemon crash) via a ZIP file with malformed headers. | |||||
CVE-2005-0218 | 1 Clam Anti-virus | 1 Clamav | 2008-09-10 | 5.0 MEDIUM | N/A |
ClamAV 0.80 and earlier allows remote attackers to bypass virus scanning via a base64 encoded image in a data: (RFC 2397) URL. | |||||
CVE-2007-6029 | 1 Clam Anti-virus | 1 Clamav | 2008-09-05 | 7.5 HIGH | N/A |
Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. | |||||
CVE-2007-3025 | 2 Clam Anti-virus, Sun | 2 Clamav, Solaris | 2008-09-05 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions. | |||||
CVE-2007-3024 | 1 Clam Anti-virus | 1 Clamav | 2008-09-05 | 2.1 LOW | N/A |
libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files. | |||||
CVE-2005-1923 | 1 Clam Anti-virus | 1 Clamav | 2008-09-05 | 2.6 LOW | N/A |
The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read. |