cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-20290,https://securityvulnerability.io/vulnerability/CVE-2024-20290,ClamAV OLE2 File Format Parser Vulnerability Could Lead to Denial of Service,"A vulnerability exists in the OLE2 file format parser within ClamAV, allowing unauthenticated remote attackers to trigger a denial of service (DoS) on devices utilizing this software. This issue stems from an improper verification of end-of-string values during file scanning processes, leading to potential heap buffer over-reads. By submitting specially crafted files containing OLE2 content for scanning, an attacker could effectively terminate the ClamAV scanning service, which results in a DoS condition while simultaneously consuming the system's available resources. Immediate attention to affected versions is crucial to ensure operational integrity.",Cisco,"Cisco Secure Endpoint,Cisco Secure Endpoint Private Cloud Administration Portal,Cisco Secure Endpoint Private Cloud Console",7.5,HIGH,0.0009899999713525176,false,,true,false,true,2024-11-07T21:15:08.000Z,,false,false,,2024-02-07T16:16:00.975Z,0
CVE-2023-20032,https://securityvulnerability.io/vulnerability/CVE-2023-20032,Buffer Overflow Vulnerability in ClamAV Scanning Library Affecting Multiple Versions,"On February 15, 2023, a vulnerability was disclosed in the HFS+ partition file parser of ClamAV, enabling potential malicious exploitation. The flaw arises from a lack of buffer size verification, leading to the possibility of a heap buffer overflow. An attacker can exploit this vulnerability by submitting a specifically crafted HFS+ partition file for scanning. A successful attack could result in arbitrary code execution with the same privileges as the ClamAV scanning process, or it could crash the process entirely, causing a denial of service (DoS) situation. For further details, please refer to the ClamAV blog.",Cisco,"Cisco Secure Web Appliance,Cisco Secure Endpoint,Cisco Secure Endpoint Private Cloud Administration Portal",9.8,CRITICAL,0.003470000112429261,false,,false,false,false,,,false,false,,2023-03-01T08:15:00.000Z,0
CVE-2014-3352,https://securityvulnerability.io/vulnerability/CVE-2014-3352,,"Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an ""iFrame vulnerability,"" aka Bug ID CSCuh84801.",Cisco,Cloud Portal,,,0.006060000043362379,false,,false,false,false,,,false,false,,2014-08-30T10:00:00.000Z,0
CVE-2014-3351,https://securityvulnerability.io/vulnerability/CVE-2014-3351,,"Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, aka Bug IDs CSCuh87398 and CSCuh87380.",Cisco,Cloud Portal,,,0.004980000201612711,false,,false,false,false,,,false,false,,2014-08-29T10:00:00.000Z,0
CVE-2014-3350,https://securityvulnerability.io/vulnerability/CVE-2014-3350,,"Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly implement URL redirection, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCuh84870.",Cisco,Cloud Portal,,,0.0014199999859556556,false,,false,false,false,,,false,false,,2014-08-29T10:00:00.000Z,0
CVE-2014-3349,https://securityvulnerability.io/vulnerability/CVE-2014-3349,,"Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during the handling of file submission, which allows remote authenticated users to upload arbitrary files via a crafted request, aka Bug ID CSCuh87410.",Cisco,Cloud Portal,,,0.001560000004246831,false,,false,false,false,,,false,false,,2014-08-29T10:00:00.000Z,0
CVE-2014-3298,https://securityvulnerability.io/vulnerability/CVE-2014-3298,,"Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML source code, aka Bug ID CSCui36976.",Cisco,Cloud Portal,,,0.001879999996162951,false,,false,false,false,,,false,false,,2014-07-02T10:00:00.000Z,0
CVE-2014-3297,https://securityvulnerability.io/vulnerability/CVE-2014-3297,,"Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not properly restrict the content of MyServices action URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug IDs CSCui36937, CSCui37004, and CSCui36927.",Cisco,Cloud Portal,,,0.0019099999917671084,false,,false,false,false,,,false,false,,2014-07-02T10:00:00.000Z,0
CVE-2014-0694,https://securityvulnerability.io/vulnerability/CVE-2014-0694,,"Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and earlier includes a cryptographic key in binary files, which makes it easier for remote attackers to obtain cleartext data from an arbitrary IAC installation by leveraging knowledge of this key, aka Bug IDs CSCui34764, CSCui34772, CSCui34776, CSCui34798, CSCui34800, CSCui34805, CSCui34809, CSCui34810, CSCui34813, CSCui34814, and CSCui34818.",Cisco,Cloud Portal,,,0.002689999993890524,false,,false,false,false,,,false,false,,2014-03-14T10:00:00.000Z,0
CVE-2013-6708,https://securityvulnerability.io/vulnerability/CVE-2013-6708,,"Cisco Cloud Portal 9.4 allows remote attackers to read files of unspecified types via a direct request, aka Bug IDs CSCuj08426 and CSCui60889.",Cisco,Cloud Portal,,,0.003980000037699938,false,,false,false,false,,,false,false,,2013-12-10T02:00:00.000Z,0
CVE-2013-1139,https://securityvulnerability.io/vulnerability/CVE-2013-1139,,"The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCud81134.",Cisco,Cloud Portal,,,0.0009899999713525176,false,,false,false,false,,,false,false,,2013-02-27T00:55:00.000Z,0