clamav (SUSE:Linux Enterprise Server for SAP Applications 12) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server for SAP Applications 12 package clamav, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (21)
CVE-2017-12379 — CVSS 9.8 (critical): ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a…
CVE-2017-12377 — CVSS 9.8 (critical): ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a…
CVE-2012-6706 — CVSS 9.8 (critical): A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and…
CVE-2017-6419 — CVSS 7.8 (high): mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer…
CVE-2017-12376 — CVSS 7.8 (high): ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a…
CVE-2017-12374 — CVSS 7.5 (high): The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to…
CVE-2015-1461 — CVSS 7.5 (high): ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to…
CVE-2015-1462 — CVSS 7.5 (high): ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds…
CVE-2017-12380 — CVSS 7.5 (high): ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a…
CVE-2017-12375 — CVSS 7.5 (high): The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to…
CVE-2014-9328 — CVSS 7.5 (high): ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds…
CVE-2015-2305 — CVSS 6.8 (medium): Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as…
CVE-2017-6420 — CVSS 5.5 (medium): The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a…
CVE-2017-11423 — CVSS 5.5 (medium): The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers…
CVE-2017-12378 — CVSS 5.5 (medium): ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a…
CVE-2017-6418 — CVSS 5.5 (medium): libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message.
CVE-2015-2222 — CVSS 5.0 (medium): ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file.
CVE-2015-2221 — CVSS 5.0 (medium): ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file.
CVE-2015-1463 — CVSS 5.0 (medium): ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an…
CVE-2015-2668 — CVSS 5.0 (medium): ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file.
CVE-2015-2170 — CVSS 5.0 (medium): The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file.