Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
suricata vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2018-10242
Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data because SSHParseBanner in app-layer-ssh.c lacks a length check.
Suricata-ids Suricata 4.0.4
Debian Debian Linux 8.0
445
VMScore
CVE-2018-18956
The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x prior to 4.0.6 allows remote malicious users to cause a denial of service (segfault and daemon crash) via crafted input to the SMTP parser, as exploited in the wild in November 2018.
Suricata-ids Suricata
445
VMScore
CVE-2016-10728
An issue exists in Suricata prior to 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule group. This can lead to missed de...
Suricata-ids Suricata
1 Github repository
445
VMScore
CVE-2018-14568
Suricata prior to 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST (i.e., they act as if the RST had not yet been received).
Suricata-ids Suricata
1 Github repository
828
VMScore
CVE-2018-1000167
OISF suricata-update version 1.0.0a1 contains an Insecure Deserialization vulnerability in the insecure yaml.load-Function as used in the following files: config.py:136, config.py:142, sources.py:99 and sources.py:131. The "list-sources"-command is affected by this bug....
Oisf Suricata-update 1.0.0a1
505
VMScore
CVE-2018-6794
Suricata prior to 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web client...
Suricata-ids Suricata
Debian Debian Linux 8.0
1 EDB exploit
1 Github repository
445
VMScore
CVE-2017-15377
In Suricata prior to 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should aft...
Openinfosecfoundation Suricata
668
VMScore
CVE-2015-8954
The MemcmpLowercase function in Suricata prior to 2.0.6 improperly excludes the first byte from comparisons, which might allow remote malicious users to bypass intrusion-prevention functionality via a crafted HTTP request.
Openinfosecfoundation Suricata
445
VMScore
CVE-2017-7177
Suricata prior to 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching.
Openinfosecfoundation Suricata
668
VMScore
CVE-2014-9769
pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote malicious users to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets...
Pcre Pcre 8.35
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »