20 matches found
EUVD-2018-4019
Malware in sbrugna...
EUVD-2018-4018
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-12034
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yrexecutecode in libyara/exec.c...
GHSA-7VF4-X5M2-R6GR OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)
SpEL Injection in PUT /api/v1/policies GHSL-2023-252 Please note, only authenticated users have access to PUT / POST APIS for /api/v1/policies. Non authenticated users will not be able to access these APIs to exploit the vulnerability CompiledRule::validateExpression is also called from...
VulnCheck KEV: CVE-2024-28848
The OpenMetadata CompiledRule::validateExpression method evaluates an SpEL expression using an StandardEvaluationContext which allows the expression to reach and interact with Java classes such as java.lang.Runtime and leading to Remote Code Execution. The...
VulnCheck KEV: CVE-2024-28253
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare is called from...
SUSE CVE-2018-12034
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yrexecutecode in libyara/exec.c...
SUSE CVE-2018-19974
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack not the YARA virtual stack...
SUSE CVE-2018-19976
In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine...
CVE-2018-19976
In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine...
UBUNTU-CVE-2018-19974
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack not the YARA virtual stack...
PT-2018-15180
Name of the Vulnerable Software and Affected Versions YARA version 3.8.1 Description The issue allows attackers to discover addresses in the real stack by reading uninitialized data from VM scratch memory in libyara/exec.c when bytecode in a specially crafted compiled rule is executed...
YARA Buffer Overflow Vulnerability
YARA is a set of tools used to help software researchers identify and categorize malware samples. A security vulnerability exists in the 'yrexecutecode' function of the libyara/exec.c file in YARA. The vulnerability can be exploited by an attacker to execute code out-of-bounds writing with the he...
YARA buffer overflow vulnerability (CNVD-2018-23867)
YARA is a set of tools used to help software researchers identify and categorize malware samples. An out-of-bounds read vulnerability exists in the 'yrexecutecode' function of the libyara/exec.c file in YARA. The vulnerability can be exploited by an attacker to execute code with the help of a...
CVE-2018-12034
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yrexecutecode in libyara/exec.c...
UBUNTU-CVE-2018-12034
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yrexecutecode in libyara/exec.c...
UBUNTU-CVE-2018-12035
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yrexecutecode in libyara/exec.c...
CVE-2018-12035
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yrexecutecode in libyara/exec.c...
CVE-2018-12034
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yrexecutecode in libyara/exec.c...
PT-2018-10955
Name of the Vulnerable Software and Affected Versions YARA versions prior to 3.7.1 Description The issue arises when parsing a specially crafted compiled rule file, leading to an out of bounds read in the yr execute code function located in libyara/exec.c. Recommendations For versions prior to...