Cisco Secure Endpoint Private Cloud

8 matches found

CVE
added 2025/01/22 4:21 p.m., 492 views

CVE-2025-20128

The vulnerability CVE-2025-20128 affects ClamAV’s OLE2 file decryption. An integer underflow in a bounds check allows a heap buffer overflow read via a crafted OLE2 content file, enabling an unauthenticated remote attacker to cause a DoS by terminating the ClamAV scanning process. Cisco’s advisor...

CVSS 7.5, AI score 5.7, EPSS 0.01509

CVE
added 2024/02/07 4:16 p.m., 342 views

CVE-2024-20290

CVE-2024-20290: A DoS in ClamAV due to a heap-based overflow in the OLE2 file format parser caused by an incorrect end-of-string check during scanning. Attacker-submitted crafted OLE2 content could crash the ClamAV scanning process. Connected documents confirm this vulnerability and reference mu...

CVSS 7.5, AI score 7.4, EPSS 0.33558

CVE
added 2023/08/16 9:43 p.m., 220 views

CVE-2023-20197

CVE-2023-20197 describes a DoS in ClamAV caused by the HFS+ filesystem image parser. The root cause is an incorrect completion-check during file decompression, which can trigger an infinite loop and make the ClamAV scanning process stop responding, consuming resources. Exploitation requires sendi...

CVSS 7.5, AI score 7.2, EPSS 0.00883

CVE
added 2023/02/16 3:26 p.m., 213 views

CVE-2023-20052

CVE-2023-20052 affects the ClamAV DMG file parser in versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. An unauthenticated attacker could exploit XML external entity substitution to cause an information leak by submitting a crafted DMG file to be scanned, potentially leaking by...

CVSS 5.3, AI score 6, EPSS 0.06675

CVE
added 2023/02/16 3:24 p.m., 179 views

CVE-2023-20032

CVE-2023-20032 affects the ClamAV HFS+ parser, which is vulnerable in versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier due to a missing buffer size check that can cause a heap buffer overflow. An unauthenticated, remote attacker could trigger arbitrary code execution with the ClamAV sc...

CVSS 9.8, AI score 9.6, EPSS 0.29314

CVE
added 2023/08/18 7:55 p.m., 104 views

CVE-2023-20212

CVE-2023-20212 affects ClamAV via the AutoIt module. The vulnerability stems from a logic error in memory management, exploitable by submitting a crafted AutoIt file to be scanned, potentially restarting the ClamAV scanning process and causing a DoS. Impact is described as high (availability loss...

CVSS 7.5, AI score 7.2, EPSS 0.02599

CVE
added 2025/06/18 4:20 p.m., 85 views

CVE-2025-20234

CVE-2025-20234 is a memory overread vulnerability in ClamAV’s UDF file processing that can be exploited by an unauthenticated attacker to cause a DoS via crafted UDF content. Affected: ClamAV UDF scanning; root cause: memory overread during UDF file scanning. Impact: DoS on the ClamAV process; no...

CVSS 7.5, AI score 5.4, EPSS 0.00663

CVE
added 2023/11/22 5:9 p.m., 65 views

CVE-2023-20084

CVE-2023-20084 affects Cisco Secure Endpoint for Windows. A timing issue between software components can let a local, authenticated attacker coerce a user to place a malicious file in a folder and run it within a narrow window, causing the endpoint to fail to quarantine the file or terminate the ...

CVSS 5, AI score 4.8, EPSS 0.00172