virustotal CVE 脆弱性と CVE 一覧(21)

製品(CPE): — CVE 件数: 21

virustotal 脆弱性概要

virustotal 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

公開された問題は バッファオーバーフロー、vendor risk memory corruption, and パス処理の欠陥 に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で アプリケーションクラッシュ and vendor impact memory corruption などの暴露リスクを伴う場合があります。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 120 / 21 CVE 件数
«« 先頭 « 前へ 1 / 2 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2023-40857 Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbtirary code via the yr_execute_cod function in the exe.c component. [email protected] 8.8 0.87% 2023-08-28 2026-06-17
CVE-2021-45429 A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yr_set_configuration in yara/libyara/libyara.c, which could cause a Denial of Service. [email protected] 5.5 0.83% 2022-02-04 2026-06-17
CVE-2021-3402 An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4.0.4 [email protected] 9.1 2.22% 2021-05-14 2026-06-17
CVE-2019-19648 In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution. [email protected] 7.8 1.59% 2019-12-08 2026-06-16
CVE-2019-5020 An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1. A specially crafted binary file can cause a negative value to be read to satisfy an assert, resulting in Denial of Service. An attacker can create a malicious binary to trigger this vulnerability. [email protected] 5.5 1.08% 2019-07-31 2026-06-16
CVE-2018-19976 In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine. [email protected] 5.5 1.28% 2018-12-17 2026-06-16
CVE-2018-19975 In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD. [email protected] 5.5 1.36% 2018-12-17 2026-06-16
CVE-2018-19974 In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack). [email protected] 5.5 1.28% 2018-12-17 2026-06-16
CVE-2018-12035 In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c. [email protected] 7.8 1.24% 2018-06-15 2026-06-16
CVE-2018-12034 In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c. [email protected] 7.8 1.24% 2018-06-15 2026-06-16
CVE-2018-10408 An issue was discovered in VirusTotal. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. [email protected] 7.8 0.86% 2018-06-13 2026-06-16
CVE-2017-11328 Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file. [email protected] 5.5 0.68% 2017-07-17 2026-06-16
CVE-2017-9465 The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c. [email protected] 7.1 1.21% 2017-06-06 2026-06-16
CVE-2017-9438 libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304. [email protected] 7.5 2.57% 2017-06-05 2026-06-16
CVE-2017-9304 libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function. [email protected] 7.5 1.84% 2017-05-31 2026-06-16
CVE-2017-8929 The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule. [email protected] 7.5 1.83% 2017-05-14 2026-06-16
CVE-2017-8294 libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function. [email protected] 7.5 3.00% 2017-04-27 2026-06-16
CVE-2017-5924 libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_compiler_destroy function. [email protected] 7.5 1.60% 2017-04-03 2026-06-16
CVE-2017-5923 libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse function. [email protected] 7.5 1.65% 2017-04-03 2026-06-16
CVE-2016-10211 libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable function. [email protected] 7.5 1.60% 2017-04-03 2026-06-16
«« 先頭 « 前へ 1 / 2 次へ »
cvelogic Threat Intelligence