rpm package
suse/clamav&distro=SUSE Enterprise Storage 5
pkg:rpm/suse/clamav&distro=SUSE%20Enterprise%20Storage%205
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-3481 | — | < 0.103.0-33.32.1 | 0.103.0-33.32.1 | Jul 20, 2020 | A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. A | ||
| CVE-2020-3350 | — | < 0.103.0-33.32.1 | 0.103.0-33.32.1 | Jun 18, 2020 | A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning m | ||
| CVE-2020-3341 | — | < 0.103.0-33.32.1 | 0.103.0-33.32.1 | May 13, 2020 | A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. A | ||
| CVE-2020-3327 | — | < 0.103.0-33.32.1 | 0.103.0-33.32.1 | May 13, 2020 | A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacke | ||
| CVE-2020-3123 | — | < 0.103.0-33.32.1 | 0.103.0-33.32.1 | Feb 5, 2020 | A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds rea | ||
| CVE-2019-15961 | — | < 0.100.3-33.29.1 | 0.100.3-33.29.1 | Jan 15, 2020 | A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing rout | ||
| CVE-2019-12625 | — | < 0.100.3-33.26.1 | 0.100.3-33.26.1 | Nov 5, 2019 | ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. | ||
| CVE-2019-12900 | — | < 0.100.3-33.26.1 | 0.100.3-33.26.1 | Jun 19, 2019 | BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. |
- CVE-2020-3481Jul 20, 2020affected < 0.103.0-33.32.1fixed 0.103.0-33.32.1
A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. A
- CVE-2020-3350Jun 18, 2020affected < 0.103.0-33.32.1fixed 0.103.0-33.32.1
A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning m
- CVE-2020-3341May 13, 2020affected < 0.103.0-33.32.1fixed 0.103.0-33.32.1
A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. A
- CVE-2020-3327May 13, 2020affected < 0.103.0-33.32.1fixed 0.103.0-33.32.1
A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacke
- CVE-2020-3123Feb 5, 2020affected < 0.103.0-33.32.1fixed 0.103.0-33.32.1
A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds rea
- CVE-2019-15961Jan 15, 2020affected < 0.100.3-33.29.1fixed 0.100.3-33.29.1
A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing rout
- CVE-2019-12625Nov 5, 2019affected < 0.100.3-33.26.1fixed 0.100.3-33.26.1
ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.
- CVE-2019-12900Jun 19, 2019affected < 0.100.3-33.26.1fixed 0.100.3-33.26.1
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.