Lucene search
K

29 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2017-5924

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service use-after-free and application crash via a crafted rule that is mishandled ...

7.5CVSS7.2AI score0.01601EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:26 a.m.5 views

SUSE CVE-2018-12035

In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yrexecutecode in libyara/exec.c...

7.8CVSS7.6AI score0.01243EPSS
Exploits1References3
OSV
OSV
added 2022/02/04 7:15 p.m.2 views

DEBIAN-CVE-2021-45429

A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yrsetconfiguration in yara/libyara/libyara.c, which could cause a Denial of Service...

5.5CVSS6.3AI score0.0084EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/02/04 12:0 a.m.5 views

PT-2022-12351

Name of the Vulnerable Software and Affected Versions VirusTotal YARA affected versions not specified Description A Buffer Overflow issue exists in VirusTotal YARA, specifically via yr set configuration in yara/libyara/libyara.c, which could cause a Denial of Service. Recommendations At the momen...

9.1CVSS6.6AI score0.02996EPSS
Exploits12References30
Akamai Blog
Akamai Blog
added 2021/09/17 1:15 p.m.11 views

Gaming Industry Paves the Way

Currently at $200 billion per year and growing, the gaming industry has grown from humble beginnings in the 1930s during which games like Baffle Ball and pinball were considered a degenerate form of leisure that would lead young men into lives of sin into a massive global phenomenon widely seen a...

1.9AI score
Exploits0
OSV
OSV
added 2018/06/15 4:29 p.m.14 views

UBUNTU-CVE-2018-12035

In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yrexecutecode in libyara/exec.c...

7.8CVSS7.1AI score0.01243EPSS
Exploits1References6
OSV
OSV
added 2018/06/15 4:29 p.m.12 views

UBUNTU-CVE-2018-12034

In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yrexecutecode in libyara/exec.c...

7.8CVSS7.1AI score0.01243EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2017/07/14 12:0 a.m.5 views

PT-2017-11927

Name of the Vulnerable Software and Affected Versions YARA versions 3.x Description A heap buffer overflow issue exists in the yr object array set item function, located in object.c, which can be triggered by scanning a maliciously crafted .NET file, leading to a denial-of-service attack...

9.1CVSS6.9AI score0.02996EPSS
Exploits12References26
NVD
NVD
added 2017/06/05 7:29 p.m.13 views

CVE-2017-9420

Cross site scripting XSS vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter...

6.1CVSS6.2AI score0.01323EPSS
Exploits0References3
Cvelist
Cvelist
added 2017/06/05 7:0 p.m.19 views

CVE-2017-9420

Cross site scripting XSS vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter...

6.2AI score0.01323EPSS
Exploits0References3
OSV
OSV
added 2017/04/03 5:59 a.m.2 views

DEBIAN-CVE-2017-5924

libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service use-after-free and application crash via a crafted rule that is mishandled in the yrcompilerdestroy function...

7.5CVSS7.2AI score0.01601EPSS
Exploits1References1
OSV
OSV
added 2017/04/03 5:59 a.m.3 views

UBUNTU-CVE-2016-10211

libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service use-after-free and application crash via a crafted rule that is mishandled in the yrparserlookuploopvariable function...

7.5CVSS7.1AI score0.01601EPSS
Exploits1References3
hackapp
hackapp
added 2016/04/01 9:36 a.m.13 views

ByVejr - DMI - Yr - Vejret - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application ByVejr - DMI - Yr - Vejret published at the 'play' market has multiple vulnerabilities...

0.9AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 9:35 a.m.14 views

YR weather widget HD - Dangerous filesystem permissions, Exported components, External URLs vulnerabilities

HackApp vulnerability scanner discovered that application YR weather widget HD published at the 'play' market has multiple vulnerabilities...

0.3AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 9:35 a.m.14 views

Yr - Customized SSL, Dangerous filesystem permissions vulnerabilities

HackApp vulnerability scanner discovered that application Yr published at the 'play' market has multiple vulnerabilities...

7.2AI score
Exploits0References1Affected Software1
NVD
NVD
added 2010/09/16 10:0 p.m.12 views

CVE-2010-3423

SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x before 6.x-1.6 allows remote attackers to execute arbitrary SQL commands via the sorting method...

7.5CVSS8.4AI score0.01117EPSS
Exploits0References5
Prion
Prion
added 2010/09/16 10:0 p.m.9 views

Sql injection

SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x before 6.x-1.6 allows remote attackers to execute arbitrary SQL commands via the sorting method...

7.5CVSS9.1AI score0.01117EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2010/09/16 9:0 p.m.40 views

CVE-2010-3423

The CVE-2010-3423 entry describes a SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x prior to 6.x-1.6. Affected component: Drupal module Yr Weatherdata (Drupal 6.x). Root cause: SQL injection via the module’s sorting method, enabling remote attackers to execute arbitrary SQ...

7.5CVSS8.7AI score0.01117EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2010/09/16 9:0 p.m.15 views

CVE-2010-3423

SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x before 6.x-1.6 allows remote attackers to execute arbitrary SQL commands via the sorting method...

8.4AI score0.01117EPSS
Exploits0References5
Drupal
Drupal
added 2010/09/08 12:0 a.m.16 views

SA-CONTRIB-2010-090 - Yr Weatherdata - SQL Injection

The Yr Weatherdata module displays weather forecasts, and enables users with the proper permission to set the sort method. When setting the sorting method the module does not filter the value input by the user correctly. This vulnerability can be exploited to perform an SQL Injection attack...

8.3AI score
Exploits0References7
Rows per page
Query Builder