cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-20032,https://securityvulnerability.io/vulnerability/CVE-2023-20032,Buffer Overflow Vulnerability in ClamAV Scanning Library Affecting Multiple Versions,"On February 15, 2023, a vulnerability was disclosed in the HFS+ partition file parser of ClamAV, enabling potential malicious exploitation. The flaw arises from a lack of buffer size verification, leading to the possibility of a heap buffer overflow. An attacker can exploit this vulnerability by submitting a specifically crafted HFS+ partition file for scanning. A successful attack could result in arbitrary code execution with the same privileges as the ClamAV scanning process, or it could crash the process entirely, causing a denial of service (DoS) situation. For further details, please refer to the ClamAV blog.",Cisco,"Cisco Secure Web Appliance,Cisco Secure Endpoint,Cisco Secure Endpoint Private Cloud Administration Portal",9.8,CRITICAL,0.003470000112429261,false,,false,false,false,,,false,false,,2023-03-01T08:15:00.000Z,0
CVE-2020-3154,https://securityvulnerability.io/vulnerability/CVE-2020-3154,Cisco Cloud Web Security SQL Injection Vulnerability,"A vulnerability in the web UI of Cisco Cloud Web Security (CWS) could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web-based management interface improperly validates SQL values. An authenticated attacker could exploit this vulnerability sending malicious requests to the affected device. An exploit could allow the attacker to modify values on or return values from the underlying database.",Cisco,Cisco Cloud Web Security,4.9,MEDIUM,0.0007999999797903001,false,,false,false,true,2024-08-04T08:16:27.000Z,,false,false,,2020-02-19T00:00:00.000Z,0
CVE-2015-0689,https://securityvulnerability.io/vulnerability/CVE-2015-0689,,"Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743.",Cisco,Cloud Web Security,7.5,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2017-09-19T15:00:00.000Z,0
CVE-2015-0674,https://securityvulnerability.io/vulnerability/CVE-2015-0674,,Cross-site scripting (XSS) vulnerability in the Alert Service of Cisco Cloud Web Security base revision allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.,Cisco,Cloud Web Security,6.1,MEDIUM,0.0013099999632686377,false,,false,false,false,,,false,false,,2017-07-25T18:00:00.000Z,0