Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

The parsing engine for various Bitdefender products supports the RAR archive format. The parsing engine can be bypassed by specifically manipulating an RAR Archive (HOST_OS) so that it can be accessed by an end-user but not the anti-virus software. The AV engine is unable to scan the archive and issues the file a "clean" rating.

The Bitdefender parsing engine supports the RAR archive format. The parsing engine can be bypassed by specifically manipulating an RAR Archive (Compressed Size) so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the archive and issues the file a "clean" rating. All Bitdefender Products and Vendors that have licensed the Engine before Dec 12, 2019 are affected.

The Bitdefender parsing engine supports the RAR archive format. The parsing engine can be bypassed by specifically manipulating an RAR Archive (RAR Compression Information) so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the archive and issues the file a "clean" rating. All Bitdefender Products and Vendors that have licensed the Engine before Dec 12, 2019 are affected.

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

The Bitdefender parsing engine supports the GZIP archive format. The parsing engine can be bypassed by specifically manipulating a GZIP Archive (Compression Method) so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the archive and issues the file a "clean" rating.

The Air Contacts Lite iPhone / iPod application suffers from a denial of service vulnerability.

Zero Day Initiative Advisory 11-109 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari on the iPhone. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the support for parsing Office files. When handling the OfficeArtMetafileHeader the process trusts the cbSize field and performs arithmetic on it before making an allocation. As the result is not checked for overflow, the subsequent allocation can be undersized. Later when copying into this buffer, memory can be corrupted leading to arbitrary code execution under the context of the mobile user on the iPhone.

Secunia Security Advisory - A vulnerability has been reported in Apple iPhone iOS, which can be exploited by malicious people to compromise a vulnerable device.

Secunia Security Advisory - Some vulnerabilities has been reported in Apple iOS for iPhone 4 (CDMA), which can be exploited by malicious people to compromise a vulnerable device.

This whitepaper details some of the vulnerabilities observed over the past year while performing regular security assessments of iPhone and iPad applications. MDSec documents some of the vulnerabilities identified as well as the methods to exploit them, and recommendations that developers can adopt to protect their iOS applications. It covers not only the security features of the platform, but provides in depth information on how to perform both black box and white box iOS penetration tests, along with suggested methodologies and compliance.

The Twitter 5.0 application for iPhone grabs images over HTTP and due to this, allows for a man in the middle attack / image swap. Proof of concept included.

A heap memory buffer overflow vulnerability exists within the WebKit's JavaScriptCore JSArray::sort(...) method. The exploit for this vulnerability is javascript code which shows how to use it for memory corruption of internal JS objects (Unit32Array and etc.) and subsequent arbitrary code execution (custom ARM/x64 payloads can be pasted into the JS code). This exploit affects Apple Safari version 6.0.1 for iOS 6.0 and OS X 10.7/8. Earlier versions may also be affected. It was obtained through the Packet Storm Bug Bounty program.

Air Transfer Iphone version 1.3.9 suffers from remote denial of service and unauthenticated file access vulnerabilities.

Red Hat Security Advisory 2020-1561-01 - Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted and Python, but fully able to serve static pages too. HTTP request smuggling vulnerabilities were addressed.

Red Hat Security Advisory 2020-1660-01 - The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Issues addressed include an open redirection vulnerability.

Red Hat Security Advisory 2020-1792-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include buffer overflow and double free vulnerabilities.

Red Hat Security Advisory 2020-1725-01 - The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2020-1576-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2020-1624-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow, information leakage, integer overflow, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2020-1962-01 - Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted and Python, but fully able to serve static pages too. Issues addressed include an HTTP request smuggling vulnerability.

Red Hat Security Advisory 2020-1963-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP response splitting and buffer under-read vulnerabilities.

Red Hat Security Advisory 2020-1970-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 81.0.4044.122. Issues addressed include out of bounds read and use-after-free vulnerabilities.

Red Hat Security Advisory 2020-1981-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 81.0.4044.129. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2020-1936-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include HTTP request smuggling and out of bounds write vulnerabilities.

Red Hat Security Advisory 2020-2033-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.8.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2020-2032-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.8.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2020-2031-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.8.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2020-2037-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.8.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2020-2036-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.8.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2020-2039-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include buffer overflow and code execution vulnerabilities.

Red Hat Security Advisory 2020-2038-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include buffer overflow and code execution vulnerabilities.

Red Hat Security Advisory 2020-2041-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include buffer overflow and code execution vulnerabilities.

Red Hat Security Advisory 2020-2040-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include buffer overflow and code execution vulnerabilities.

Red Hat Security Advisory 2020-0431-01 - KornShell is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard. A code injection vulnerability has been addressed.

Red Hat Security Advisory 2020-0515-01 - KornShell is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard. A code injection vulnerability has been addressed.

Red Hat Security Advisory 2020-0559-01 - KornShell is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard. A code injection vulnerability was addressed.

Red Hat Security Advisory 2020-0568-01 - KornShell is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard. A code injection vulnerability was addressed.

Ubuntu Security Notice 4294-1 - It was discovered that OpenSMTPD mishandled certain input. A remote, unauthenticated attacker could use this vulnerability to execute arbitrary shell commands as any non-root user. It was discovered that OpenSMTPD did not properly handle hardlinks under certain conditions. An unprivileged local attacker could read the first line of any file on the filesystem.