Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ntop ntop - vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-7458
The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng prior to 3.0 allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via an empty field that should have contained a hostname or IP address.
Ntop Ntopng
7.5
CVSSv3
CVE-2020-11940
In nDPI up to and including 3.2 Stable, an out-of-bounds read in concat_hash_string in ssh.c can be exploited by a network-positioned attacker that can send malformed SSH protocol messages on a network segment monitored by nDPI's library.
Ntop Ndpi
NA
CVE-2015-8368
ntopng (aka ntop) prior to 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.
Ntop Ntopng
1 EDB exploit
9.1
CVSSv3
CVE-2020-15471
In nDPI up to and including 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c.
Ntop Ndpi
9.1
CVSSv3
CVE-2020-15473
In nDPI up to and including 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c.
Ntop Ndpi
9.8
CVSSv3
CVE-2020-15474
In nDPI up to and including 3.2, there is a stack overflow in extractRDNSequence in lib/protocols/tls.c.
Ntop Ndpi
NA
CVE-2014-4329
Cross-site scripting (XSS) vulnerability in lua/host_details.lua in ntopng 1.1 allows remote malicious users to inject arbitrary web script or HTML via the host parameter.
Ntop Ntopng 1.1
NA
CVE-2005-3387
The startup script in packages/RedHat/ntop.init in ntop prior to 3.2, when ntop.conf is writable by users besides root, creates temporary files insecurely, which allows remote malicious users to execute arbitrary code.
Luca Deri Ntop
8.8
CVSSv3
CVE-2021-36082
ntop nDPI 3.4 has a stack-based buffer overflow in processClientServerHello.
Ntop Ndpi 3.4
NA
CVE-2002-0412
Format string vulnerability in TraceEvent function for ntop prior to 2.1 allows remote malicious users to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3)...
Luca Deri Ntop 2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »