Stephen Gran

**Name of the Vulnerable Software and Affected Versions** GForge version 4.5.14 **Description** The issue is related to the `write array file` function in `utils/include.pl`, which updates configuration files by truncating them to zero length and then writing new data. This might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances. **Recommendations** For GForge version 4.5.14, consider modifying the `write array file` function to avoid truncating configuration files to zero length before writing new data, or apply alternative access control mechanisms to prevent potential bypass of intended restrictions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Clam AntiVirus (ClamAV) versions 0.88 and earlier **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash, by sending a malformed base64-encoded MIME attachment. This triggers a null pointer dereference. **Recommendations** For versions 0.88 and earlier, update to a version later than 0.88 to resolve the issue.