The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:* versions up to 0.91.1 (inclusive)
|31605||Mac OS X Multiple Vulnerabilities (Security Update 2008-002)||Nessus||MacOS X Local Security Checks|
|29830||ClamAV clamav-milter black-hole-mode Sendmail Recipient Field Arbitrary Command Execution||Nessus||SMTP problems|
|27747||Fedora 7 : clamav-0.91.2-2.fc7 (2007-2050)||Nessus||Fedora Local Security Checks|
|26104||GLSA-200709-14 : ClamAV: Multiple vulnerabilities||Nessus||Gentoo Local Security Checks|
|25969||Mandrake Linux Security Advisory : clamav (MDKSA-2007:172)||Nessus||Mandriva Local Security Checks|
|25966||Debian DSA-1366-1 : clamav - several vulnerabilities||Nessus||Debian Local Security Checks|
|4183||ClamAV < 0.91.2 Multiple Remote DoS (deprecated)||Nessus Network Monitor||Web Clients|