rpm package
suse/clamav&distro=SUSE Linux Enterprise Server 12 SP4-LTSS
pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS
Vulnerabilities (14)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-20052 | — | < 0.103.8-33.53.1 | 0.103.8-33.53.1 | Feb 16, 2023 | On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sens | ||
| CVE-2023-20032 | — | < 0.103.8-33.53.1 | 0.103.8-33.53.1 | Feb 16, 2023 | On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to | ||
| CVE-2022-20698 | — | < 0.103.5-33.44.1 | 0.103.5-33.44.1 | Jan 14, 2022 | A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to imp | ||
| CVE-2021-1404 | — | < 0.103.2-33.35.1 | 0.103.2-33.35.1 | Apr 8, 2021 | A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that | ||
| CVE-2021-1405 | — | < 0.103.2-33.35.1 | 0.103.2-33.35.1 | Apr 8, 2021 | A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initi | ||
| CVE-2021-1252 | — | < 0.103.2-33.35.1 | 0.103.2-33.35.1 | Apr 8, 2021 | A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling | ||
| CVE-2020-3481 | — | < 0.103.0-33.32.1 | 0.103.0-33.32.1 | Jul 20, 2020 | A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. A | ||
| CVE-2020-3350 | — | < 0.103.0-33.32.1 | 0.103.0-33.32.1 | Jun 18, 2020 | A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning m | ||
| CVE-2020-3341 | — | < 0.103.0-33.32.1 | 0.103.0-33.32.1 | May 13, 2020 | A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. A | ||
| CVE-2020-3327 | — | < 0.103.0-33.32.1 | 0.103.0-33.32.1 | May 13, 2020 | A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacke | ||
| CVE-2020-3123 | — | < 0.103.0-33.32.1 | 0.103.0-33.32.1 | Feb 5, 2020 | A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds rea | ||
| CVE-2019-15961 | — | < 0.103.0-33.32.1 | 0.103.0-33.32.1 | Jan 15, 2020 | A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing rout | ||
| CVE-2019-12900 | — | < 0.103.0-33.32.1 | 0.103.0-33.32.1 | Jun 19, 2019 | BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. | ||
| CVE-2018-14679 | — | < 0.103.4-33.41.1 | 0.103.4-33.41.1 | Jul 28, 2018 | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). |
- CVE-2023-20052Feb 16, 2023affected < 0.103.8-33.53.1fixed 0.103.8-33.53.1
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sens
- CVE-2023-20032Feb 16, 2023affected < 0.103.8-33.53.1fixed 0.103.8-33.53.1
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to
- CVE-2022-20698Jan 14, 2022affected < 0.103.5-33.44.1fixed 0.103.5-33.44.1
A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to imp
- CVE-2021-1404Apr 8, 2021affected < 0.103.2-33.35.1fixed 0.103.2-33.35.1
A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that
- CVE-2021-1405Apr 8, 2021affected < 0.103.2-33.35.1fixed 0.103.2-33.35.1
A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initi
- CVE-2021-1252Apr 8, 2021affected < 0.103.2-33.35.1fixed 0.103.2-33.35.1
A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling
- CVE-2020-3481Jul 20, 2020affected < 0.103.0-33.32.1fixed 0.103.0-33.32.1
A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. A
- CVE-2020-3350Jun 18, 2020affected < 0.103.0-33.32.1fixed 0.103.0-33.32.1
A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning m
- CVE-2020-3341May 13, 2020affected < 0.103.0-33.32.1fixed 0.103.0-33.32.1
A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. A
- CVE-2020-3327May 13, 2020affected < 0.103.0-33.32.1fixed 0.103.0-33.32.1
A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacke
- CVE-2020-3123Feb 5, 2020affected < 0.103.0-33.32.1fixed 0.103.0-33.32.1
A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds rea
- CVE-2019-15961Jan 15, 2020affected < 0.103.0-33.32.1fixed 0.103.0-33.32.1
A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing rout
- CVE-2019-12900Jun 19, 2019affected < 0.103.0-33.32.1fixed 0.103.0-33.32.1
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
- CVE-2018-14679Jul 28, 2018affected < 0.103.4-33.41.1fixed 0.103.4-33.41.1
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).