Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/583346?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/583346?format=api", "purl": "pkg:deb/debian/clamav@0?distro=trixie", "type": "deb", "namespace": "debian", "name": "clamav", "version": "0", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "0.65", "latest_non_vulnerable_version": "1.4.4+dfsg-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61697?format=api", "vulnerability_id": "VCID-568z-e7ep-dbdz", "summary": "Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-20803", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01696", "scoring_system": "epss", "scoring_elements": "0.82341", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01696", "scoring_system": "epss", "scoring_elements": "0.82283", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01696", "scoring_system": "epss", "scoring_elements": "0.82277", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01696", "scoring_system": "epss", "scoring_elements": "0.82271", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01696", "scoring_system": "epss", "scoring_elements": "0.82307", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01696", "scoring_system": "epss", "scoring_elements": "0.82309", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01696", "scoring_system": "epss", "scoring_elements": "0.8233", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01696", "scoring_system": "epss", "scoring_elements": "0.82214", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01696", "scoring_system": "epss", "scoring_elements": "0.82235", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01696", "scoring_system": "epss", "scoring_elements": "0.8223", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01696", "scoring_system": "epss", "scoring_elements": "0.82256", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01696", "scoring_system": "epss", "scoring_elements": "0.82264", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-20803" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/AVG-2722", "reference_id": "AVG-2722", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2722" }, { "reference_url": "https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html", "reference_id": "clamav-01050-01043-01036-released.html", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-28T16:24:43Z/" } ], "url": "https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html" }, { "reference_url": "https://security.gentoo.org/glsa/202310-01", "reference_id": "GLSA-202310-01", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-28T16:24:43Z/" } ], "url": "https://security.gentoo.org/glsa/202310-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583346?format=api", "purl": "pkg:deb/debian/clamav@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582099?format=api", "purl": "pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582100?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582101?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582102?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063042?format=api", "purl": "pkg:deb/debian/clamav@1.4.4%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.4%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-20803" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-568z-e7ep-dbdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/132073?format=api", "vulnerability_id": "VCID-fg72-nbqy-mqgs", "summary": "freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into the system.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0058", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00598", "scoring_system": "epss", "scoring_elements": "0.69326", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00598", "scoring_system": "epss", "scoring_elements": "0.69338", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00598", "scoring_system": "epss", "scoring_elements": "0.69355", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00598", "scoring_system": "epss", "scoring_elements": "0.69335", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00598", "scoring_system": "epss", "scoring_elements": "0.69385", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00598", "scoring_system": "epss", "scoring_elements": "0.69401", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00598", "scoring_system": "epss", "scoring_elements": "0.69424", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00598", "scoring_system": "epss", "scoring_elements": "0.69408", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00598", "scoring_system": "epss", "scoring_elements": "0.69394", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00598", "scoring_system": "epss", "scoring_elements": "0.69434", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00598", "scoring_system": "epss", "scoring_elements": "0.69444", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00598", "scoring_system": "epss", "scoring_elements": "0.69426", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00598", "scoring_system": "epss", "scoring_elements": "0.69477", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00598", "scoring_system": "epss", "scoring_elements": "0.69484", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0058" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583346?format=api", "purl": "pkg:deb/debian/clamav@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582099?format=api", "purl": "pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582100?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582101?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582102?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063042?format=api", "purl": "pkg:deb/debian/clamav@1.4.4%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.4%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2010-0058" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fg72-nbqy-mqgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97785?format=api", "vulnerability_id": "VCID-jcfy-dyqj-h3aw", "summary": "A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.\r\nFor a description of this vulnerability, see the .", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-20234", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50789", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50847", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50805", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50863", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50886", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50844", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50846", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50831", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00706", "scoring_system": "epss", "scoring_elements": "0.72214", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00706", "scoring_system": "epss", "scoring_elements": "0.72168", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00706", "scoring_system": "epss", "scoring_elements": "0.72176", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00706", "scoring_system": "epss", "scoring_elements": "0.72161", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00706", "scoring_system": "epss", "scoring_elements": "0.72205", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-20234" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108045", "reference_id": "1108045", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108045" }, { "reference_url": "https://security.archlinux.org/AVG-2903", "reference_id": "AVG-2903", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2903" }, { "reference_url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-udf-hmwd9nDy", "reference_id": "cisco-sa-clamav-udf-hmwd9nDy", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-18T18:20:31Z/" } ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-udf-hmwd9nDy" }, { "reference_url": "https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html", "reference_id": "clamav-143-and-109-security-patch.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-18T18:20:31Z/" } ], "url": "https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html" }, { "reference_url": "https://usn.ubuntu.com/7615-1/", "reference_id": "USN-7615-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7615-1/" }, { "reference_url": "https://usn.ubuntu.com/7615-2/", "reference_id": "USN-7615-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7615-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583346?format=api", "purl": "pkg:deb/debian/clamav@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582099?format=api", "purl": "pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582100?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582101?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582102?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063042?format=api", "purl": "pkg:deb/debian/clamav@1.4.4%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.4%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-20234" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jcfy-dyqj-h3aw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/119619?format=api", "vulnerability_id": "VCID-jdn6-r2vx-6fbh", "summary": "Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions.", "references": [ { "reference_url": "http://kolab.org/security/kolab-vendor-notice-15.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "http://kolab.org/security/kolab-vendor-notice-15.txt" }, { "reference_url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-3025", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00821", "scoring_system": "epss", "scoring_elements": "0.74485", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00821", "scoring_system": "epss", "scoring_elements": "0.74361", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00821", "scoring_system": "epss", "scoring_elements": "0.74365", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00821", "scoring_system": "epss", "scoring_elements": "0.74392", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00821", "scoring_system": "epss", "scoring_elements": "0.74367", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00821", "scoring_system": "epss", "scoring_elements": "0.74399", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00821", "scoring_system": "epss", "scoring_elements": "0.74415", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00821", "scoring_system": "epss", "scoring_elements": "0.74436", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00821", "scoring_system": "epss", "scoring_elements": "0.74416", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00821", "scoring_system": "epss", "scoring_elements": "0.74407", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00821", "scoring_system": "epss", "scoring_elements": "0.74445", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00821", "scoring_system": "epss", "scoring_elements": "0.74453", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00821", "scoring_system": "epss", "scoring_elements": "0.74443", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00821", "scoring_system": "epss", "scoring_elements": "0.74477", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-3025" }, { "reference_url": "http://secunia.com/advisories/25525", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/25525" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3025", "reference_id": "CVE-2007-3025", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3025" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583346?format=api", "purl": "pkg:deb/debian/clamav@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582099?format=api", "purl": "pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582100?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582101?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582102?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063042?format=api", "purl": "pkg:deb/debian/clamav@1.4.4%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.4%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2007-3025" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jdn6-r2vx-6fbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33779?format=api", "vulnerability_id": "VCID-k4w5-5g16-x3b2", "summary": "Multiple vulnerabilities in ClamAV may result in the remote execution of\n arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1835.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1835.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1835", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02486", "scoring_system": "epss", "scoring_elements": "0.85231", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02486", "scoring_system": "epss", "scoring_elements": "0.85243", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02486", "scoring_system": "epss", "scoring_elements": "0.85262", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02486", "scoring_system": "epss", "scoring_elements": "0.85264", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02486", "scoring_system": "epss", "scoring_elements": "0.85286", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02486", "scoring_system": "epss", "scoring_elements": "0.85294", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02486", "scoring_system": "epss", "scoring_elements": "0.85309", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02486", "scoring_system": "epss", "scoring_elements": "0.85307", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02486", "scoring_system": "epss", "scoring_elements": "0.85303", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02486", "scoring_system": "epss", "scoring_elements": "0.85323", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02486", "scoring_system": "epss", "scoring_elements": "0.85325", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02486", "scoring_system": "epss", "scoring_elements": "0.85321", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02486", "scoring_system": "epss", "scoring_elements": "0.85344", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02486", "scoring_system": "epss", "scoring_elements": "0.85353", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1835" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=442743", "reference_id": "442743", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=442743" }, { "reference_url": "https://security.gentoo.org/glsa/200805-19", "reference_id": "GLSA-200805-19", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200805-19" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583346?format=api", "purl": "pkg:deb/debian/clamav@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582099?format=api", "purl": "pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582100?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582101?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582102?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063042?format=api", "purl": "pkg:deb/debian/clamav@1.4.4%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.4%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2008-1835" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k4w5-5g16-x3b2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33781?format=api", "vulnerability_id": "VCID-p14n-mfwj-vufs", "summary": "Multiple vulnerabilities in ClamAV may result in the remote execution of\n arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1836.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1836.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1836", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05852", "scoring_system": "epss", "scoring_elements": "0.90511", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05852", "scoring_system": "epss", "scoring_elements": "0.90515", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05852", "scoring_system": "epss", "scoring_elements": "0.90526", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05852", "scoring_system": "epss", "scoring_elements": "0.90532", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05852", "scoring_system": "epss", "scoring_elements": "0.90545", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05852", "scoring_system": "epss", "scoring_elements": "0.90551", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05852", "scoring_system": "epss", "scoring_elements": "0.90559", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05852", "scoring_system": "epss", "scoring_elements": "0.90553", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05852", "scoring_system": "epss", "scoring_elements": "0.9057", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05852", "scoring_system": "epss", "scoring_elements": "0.90569", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05852", "scoring_system": "epss", "scoring_elements": "0.90568", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05852", "scoring_system": "epss", "scoring_elements": "0.90583", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.05852", "scoring_system": "epss", "scoring_elements": "0.90584", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1836" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=442744", "reference_id": "442744", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=442744" }, { "reference_url": "https://security.gentoo.org/glsa/200805-19", "reference_id": "GLSA-200805-19", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200805-19" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583346?format=api", "purl": "pkg:deb/debian/clamav@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582099?format=api", "purl": "pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582100?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582101?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582102?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063042?format=api", "purl": "pkg:deb/debian/clamav@1.4.4%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.4%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2008-1836" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p14n-mfwj-vufs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/241385?format=api", "vulnerability_id": "VCID-rhj5-gtyt-2ucn", "summary": "A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\nThe vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20380", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.66019", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.66", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.65988", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.66007", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.65916", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.65946", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.65912", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.65964", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.65976", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.65994", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.65981", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.65951", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.005", "scoring_system": "epss", "scoring_elements": "0.65986", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20380" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html", "reference_id": "clamav-131-123-106-patch-versions.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-20T03:18:49Z/" } ], "url": "https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583346?format=api", "purl": "pkg:deb/debian/clamav@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582099?format=api", "purl": "pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582100?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582101?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582102?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063042?format=api", "purl": "pkg:deb/debian/clamav@1.4.4%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.4%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-20380" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rhj5-gtyt-2ucn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51464?format=api", "vulnerability_id": "VCID-sq4f-krz1-87fw", "summary": "Multiple vulnerabilities have been discovered in ClamAV, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20290", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08586", "scoring_system": "epss", "scoring_elements": "0.92432", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.08586", "scoring_system": "epss", "scoring_elements": "0.92404", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.08586", "scoring_system": "epss", "scoring_elements": "0.92409", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.08586", "scoring_system": "epss", "scoring_elements": "0.92415", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.08586", "scoring_system": "epss", "scoring_elements": "0.92417", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.08586", "scoring_system": "epss", "scoring_elements": "0.92427", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.08586", "scoring_system": "epss", "scoring_elements": "0.92426", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.08586", "scoring_system": "epss", "scoring_elements": "0.92429", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.08586", "scoring_system": "epss", "scoring_elements": "0.92382", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.08586", "scoring_system": "epss", "scoring_elements": "0.92389", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.08586", "scoring_system": "epss", "scoring_elements": "0.92393", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20290" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063479", "reference_id": "1063479", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063479" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FXZYVDNV66RNMNVJOHAJAYRZV4U64CQ/", "reference_id": "5FXZYVDNV66RNMNVJOHAJAYRZV4U64CQ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-07T20:34:45Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FXZYVDNV66RNMNVJOHAJAYRZV4U64CQ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MUDUPAHAAV6FPB2C2QIQCFJ4SHYBOTY/", "reference_id": "6MUDUPAHAAV6FPB2C2QIQCFJ4SHYBOTY", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-07T20:34:45Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MUDUPAHAAV6FPB2C2QIQCFJ4SHYBOTY/" }, { "reference_url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-hDffu6t", "reference_id": "cisco-sa-clamav-hDffu6t", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-07T20:34:45Z/" } ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-hDffu6t" }, { "reference_url": "https://security.gentoo.org/glsa/202507-03", "reference_id": "GLSA-202507-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202507-03" }, { "reference_url": "https://usn.ubuntu.com/6636-1/", "reference_id": "USN-6636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6636-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583346?format=api", "purl": "pkg:deb/debian/clamav@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582099?format=api", "purl": "pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584411?format=api", "purl": "pkg:deb/debian/clamav@1.0.5%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.0.5%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584412?format=api", "purl": "pkg:deb/debian/clamav@1.0.5%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.0.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582100?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582101?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582102?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063042?format=api", "purl": "pkg:deb/debian/clamav@1.4.4%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.4%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-20290" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sq4f-krz1-87fw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/109380?format=api", "vulnerability_id": "VCID-u4q5-6h15-guf2", "summary": "Multiple interpretation error in unspecified versions of ClamAV Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.", "references": [ { "reference_url": "http://marc.info/?l=bugtraq&m=112879611919750&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=112879611919750&w=2" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3229", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53552", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53486", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.5351", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53535", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53503", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53553", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.5355", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53599", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53582", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53564", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.536", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53605", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53588", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3229" }, { "reference_url": "http://shadock.net/secubox/AVCraftedArchive.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://shadock.net/secubox/AVCraftedArchive.html" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3229", "reference_id": "CVE-2005-3229", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3229" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583346?format=api", "purl": "pkg:deb/debian/clamav@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582099?format=api", "purl": "pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582100?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582101?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582102?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063042?format=api", "purl": "pkg:deb/debian/clamav@1.4.4%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.4%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-3229" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u4q5-6h15-guf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33782?format=api", "vulnerability_id": "VCID-uvbv-aeft-jyay", "summary": "Multiple vulnerabilities in ClamAV may result in the remote execution of\n arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1837.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1837.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1837", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09954", "scoring_system": "epss", "scoring_elements": "0.93005", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.09954", "scoring_system": "epss", "scoring_elements": "0.93013", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.09954", "scoring_system": "epss", "scoring_elements": "0.93017", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.09954", "scoring_system": "epss", "scoring_elements": "0.93016", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.09954", "scoring_system": "epss", "scoring_elements": "0.93024", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.09954", "scoring_system": "epss", "scoring_elements": "0.93029", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.09954", "scoring_system": "epss", "scoring_elements": "0.93034", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.09954", "scoring_system": "epss", "scoring_elements": "0.93031", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.09954", "scoring_system": "epss", "scoring_elements": "0.93033", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.09954", "scoring_system": "epss", "scoring_elements": "0.93043", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.09954", "scoring_system": "epss", "scoring_elements": "0.93046", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.09954", "scoring_system": "epss", "scoring_elements": "0.93053", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.09954", "scoring_system": "epss", "scoring_elements": "0.93059", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1837" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=442745", "reference_id": "442745", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=442745" }, { "reference_url": "https://security.gentoo.org/glsa/200805-19", "reference_id": "GLSA-200805-19", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200805-19" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583346?format=api", "purl": "pkg:deb/debian/clamav@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582099?format=api", "purl": "pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582100?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582101?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582102?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063042?format=api", "purl": "pkg:deb/debian/clamav@1.4.4%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.4%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2008-1837" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uvbv-aeft-jyay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/113392?format=api", "vulnerability_id": "VCID-vhv6-2yu5-wbb3", "summary": "freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-2427", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14582", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14631", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14702", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14514", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14603", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.1466", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14619", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14581", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14521", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14412", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14414", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14486", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14519", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14517", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-2427" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583346?format=api", "purl": "pkg:deb/debian/clamav@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582099?format=api", "purl": "pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582100?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582101?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582102?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063042?format=api", "purl": "pkg:deb/debian/clamav@1.4.4%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.4%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2006-2427" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vhv6-2yu5-wbb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51463?format=api", "vulnerability_id": "VCID-vzhw-bgs7-sye3", "summary": "Multiple vulnerabilities have been discovered in ClamAV, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-20212", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00961", "scoring_system": "epss", "scoring_elements": "0.76433", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00961", "scoring_system": "epss", "scoring_elements": "0.76461", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00961", "scoring_system": "epss", "scoring_elements": "0.76443", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00961", "scoring_system": "epss", "scoring_elements": "0.76476", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00961", "scoring_system": "epss", "scoring_elements": "0.7649", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00961", "scoring_system": "epss", "scoring_elements": "0.76515", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00961", "scoring_system": "epss", "scoring_elements": "0.76494", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00961", "scoring_system": "epss", "scoring_elements": "0.76489", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00961", "scoring_system": "epss", "scoring_elements": "0.7653", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00961", "scoring_system": "epss", "scoring_elements": "0.76533", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00961", "scoring_system": "epss", "scoring_elements": "0.76522", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00961", "scoring_system": "epss", "scoring_elements": "0.76555", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00961", "scoring_system": "epss", "scoring_elements": "0.76561", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-20212" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050057", "reference_id": "1050057", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050057" }, { "reference_url": "https://security.gentoo.org/glsa/202507-03", "reference_id": "GLSA-202507-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202507-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583346?format=api", "purl": "pkg:deb/debian/clamav@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582099?format=api", "purl": "pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/585292?format=api", "purl": "pkg:deb/debian/clamav@1.0.2%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.0.2%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/585293?format=api", "purl": "pkg:deb/debian/clamav@1.0.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.0.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582100?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582101?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582102?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063042?format=api", "purl": "pkg:deb/debian/clamav@1.4.4%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.4%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-20212" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vzhw-bgs7-sye3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/129394?format=api", "vulnerability_id": "VCID-xyb8-pe6q-sbby", "summary": "The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+dfsg-1ubuntu1.2 in Ubuntu 9.04 sets the ownership of the current working directory to the clamav account, which might allow local users to bypass intended access restrictions via read or write operations involving this directory.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1601", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19946", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20092", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.2015", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19879", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19958", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20012", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20032", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19987", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.1993", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19907", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19912", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19909", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19802", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19797", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1601" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583346?format=api", "purl": "pkg:deb/debian/clamav@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582099?format=api", "purl": "pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582100?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582101?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582102?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063042?format=api", "purl": "pkg:deb/debian/clamav@1.4.4%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.4%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-1601" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xyb8-pe6q-sbby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51465?format=api", "vulnerability_id": "VCID-yuub-nqnn-qyg6", "summary": "Multiple vulnerabilities have been discovered in ClamAV, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20328", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48031", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48047", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48024", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48035", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48087", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48082", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48038", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48019", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48801", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48749", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48804", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.5076", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50734", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20328" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063479", "reference_id": "1063479", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063479" }, { "reference_url": "https://blog.clamav.net/2023/11/clamav-130-122-105-released.html", "reference_id": "clamav-130-122-105-released.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-05T15:40:24Z/" } ], "url": "https://blog.clamav.net/2023/11/clamav-130-122-105-released.html" }, { "reference_url": "https://security.gentoo.org/glsa/202507-03", "reference_id": "GLSA-202507-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202507-03" }, { "reference_url": "https://usn.ubuntu.com/6636-1/", "reference_id": "USN-6636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6636-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583346?format=api", "purl": "pkg:deb/debian/clamav@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582099?format=api", "purl": "pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584411?format=api", "purl": "pkg:deb/debian/clamav@1.0.5%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.0.5%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584412?format=api", "purl": "pkg:deb/debian/clamav@1.0.5%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.0.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582100?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582101?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582102?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063042?format=api", "purl": "pkg:deb/debian/clamav@1.4.4%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.4%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-20328" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yuub-nqnn-qyg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/126668?format=api", "vulnerability_id": "VCID-z7du-zx2w-nubk", "summary": "ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5525", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64555", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.644", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64455", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64485", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64444", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64492", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64508", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64524", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64512", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64484", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64518", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.6453", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64522", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64542", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5525" }, { "reference_url": "http://securityreason.com/securityalert/4723", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securityreason.com/securityalert/4723" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435" }, { "reference_url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav:0.93.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:clamav:clamav:0.93.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav:0.93.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav:0.94.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:clamav:clamav:0.94.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav:0.94.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5525", "reference_id": "CVE-2008-5525", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:C/I:C/A:C" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5525" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583346?format=api", "purl": "pkg:deb/debian/clamav@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582099?format=api", "purl": "pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582100?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582101?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582102?format=api", "purl": "pkg:deb/debian/clamav@1.4.3%2Bdfsg-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kba-63mx-hya7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063042?format=api", "purl": "pkg:deb/debian/clamav@1.4.4%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.4%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2008-5525" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z7du-zx2w-nubk" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0%3Fdistro=trixie" }