7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.004 Low
EPSS
Percentile
73.0%
Software: clamav 0.102.4
OS: Cobalt 7.9
CVE-ID: CVE-2021-1386
CVE-Crit: HIGH
CVE-DESC: A vulnerability in the Dynamic Link Library (DLL) loading mechanism in Cisco Advanced Malware Protection (AMP) for Windows Connector endpoints, ClamAV for Windows, and Immunet could allow an authenticated local attacker to execute a DLL hijacking attack on the affected Windows system. affected computer. To exploit this vulnerability, an attacker would need valid credentials on the system. The vulnerability occurs due to insufficient verification of directory search paths at runtime. An attacker can exploit this vulnerability by placing a malicious DLL file on a vulnerable system. A successful exploit could allow an attacker to execute arbitrary code with SYSTEM privileges.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2021-1405
CVE-Crit: HIGH
CVE-DESC: A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) software version 0.103.1 and all previous versions could allow an unauthenticated remote attacker to cause a denial of service condition on a vulnerable device. The vulnerability occurs due to improper initialization of a variable that could result in a NULL pointer being read. An attacker could exploit this vulnerability by sending a crafted email to a vulnerable device. The exploit could allow an attacker to cause the ClamAV scanning process to fail, resulting in a denial of service.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2021-27506
CVE-Crit: MEDIUM
CVE-DESC: The ClamAV Engine component (version 0.103.1 and below) built into Storsmshield Network Security (SNS) is prone to DoS when parsing corrupted png files. This affects Netasq versions 9.1.0 through 9.1.11 and SNS versions 1.0.0 through 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7, and 4.2.1.
CVE-STATUS: Default
CVE-REV: Default
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.004 Low
EPSS
Percentile
73.0%