Cisco Secure Endpoint vulnerabilities
12 known vulnerabilities affecting cisco/secure_endpoint.
Total CVEs: 12
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 8, MEDIUM 3
Vulnerabilities
CVE-2025-20234 | HIGH | CVSS 7.5 | fixed in 1.26.1, fixed in 7.5.21, +1 more | 2025-06-18
CVE-2025-20234 [MEDIUM] CWE-125
A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF conte
nvd
CVE-2025-20128 | HIGH | CVSS 7.5 | fixed in 1.24.4, fixed in 1.25.1, +2 more | 2025-01-22
CVE-2025-20128 [MEDIUM] CWE-122
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this
nvd
CVE-2024-20290 | HIGH | CVSS 7.5 | fixed in 7.5.17; ≥ 8.0.1.21160, < 8.2.3.30119 | 2024-02-07
CVE-2024-20290 [HIGH] CWE-126
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability
nvd
CVE-2023-20084 | MEDIUM | CVSS 4.4 | v6.0.7, v6.0.9, +31 more | 2023-11-22
CVE-2023-20084 [MEDIUM] CWE-437
A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could exploit this vulnerability by persuading a user to put a m
nvd
CVE-2023-20212 | HIGH | CVSS 7.5 | fixed in 8.1.7.21585 | 2023-08-18
CVE-2023-20212 [HIGH] CWE-825
A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to a logic error in the memory management of an affected device. An attacker could exploit this vulnerability by submitting a crafted AutoIt file to be scanned by C
nvd
CVE-2023-20197 | HIGH | CVSS 7.5 | fixed in 1.22.0, fixed in 7.5.13.21586, +1 more | 2023-08-16
CVE-2023-20197 [HIGH] CWE-835
A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could
nvd
CVE-2023-20032 | CRITICAL | CVSS 9.8 | fixed in 1.20.2, fixed in 1.21.1, +2 more | 2023-03-01
CVE-2023-20032 [CRITICAL] CWE-120
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:
A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code.
This vulnerability is due to a missing buffer size
nvd
CVE-2023-20052 | MEDIUM | CVSS 5.3 | fixed in 1.20.2, fixed in 1.21.1, +2 more | 2023-03-01
CVE-2023-20052 [MEDIUM] CWE-611
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:
A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
This vulnerability is due to enabli
nvd
CVE-2022-20771 | HIGH | CVSS 7.5 | fixed in 1.16.3, fixed in 1.17.2, +2 more | 2022-05-04
CVE-2022-20771 [HIGH] CWE-399
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denia
nvd
CVE-2022-20785 | HIGH | CVSS 7.5 | fixed in 1.16.3, fixed in 1.17.2, +2 more | 2022-05-04
CVE-2022-20785 [HIGH] CWE-401
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of
nvd
CVE-2022-20770 | HIGH | CVSS 7.5 | fixed in 1.16.3, fixed in 1.17.2, +2 more | 2022-05-04
CVE-2022-20770 [HIGH] CWE-399
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of
nvd
CVE-2022-20796 | MEDIUM | CVSS 5.5 | fixed in 1.16.3, fixed in 1.17.2, +2 more | 2022-05-04
CVE-2022-20796 [MEDIUM] CWE-822
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a desc
nvd