Cisco Secure Endpoint Private Cloud Administration Portal vulnerabilities

CVE-2024-20290 [HIGH] CWE-126 CVE-2024-20290: A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote atta A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability

CVE-2023-20032 [CRITICAL] CWE-120 CVE-2023-20032: On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vu On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size