Vulnerabilities > Oisf

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-06-19 | CVE-2023-35852 | Path Traversal vulnerability in Oisf Suricata | In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. | network, low complexity, oisf CWE-22, 7.5 |
| 2023-06-19 | CVE-2023-35853 | Unspecified vulnerability in Oisf Suricata | In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. | network, low complexity, oisf, critical, 9.8 |
| 2021-12-16 | CVE-2021-45098 | | An issue was discovered in Suricata before 6.0.4. | network, low complexity, oisf debian, 5.0 |
| 2021-11-19 | CVE-2021-37592 | Out-of-bounds Write vulnerability in Oisf Suricata | Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments. | network, low complexity, oisf CWE-787, 7.5 |
| 2021-07-22 | CVE-2021-35063 | | Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion." | network, low complexity, oisf debian fedoraproject, 7.5 |
| 2019-10-10 | CVE-2019-17420 | Improper Input Validation vulnerability in multiple products | In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending. | network, low complexity, oisf suricata-ids CWE-20, 5.0 |
| 2019-07-18 | CVE-2019-1010279 | Improper Verification of Cryptographic Signature vulnerability in Oisf Suricata | Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. | network, low complexity, oisf CWE-347, 5.0 |
| 2019-07-18 | CVE-2019-1010251 | Improper Input Validation vulnerability in Oisf Suricata | Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. | network, low complexity, oisf CWE-20, 5.0 |
| 2019-05-13 | CVE-2019-10050 | Out-of-bounds Read vulnerability in Oisf Suricata | A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. | network, low complexity, oisf CWE-125, 5.0 |
| 2019-04-04 | CVE-2018-10243 | Out-of-bounds Read vulnerability in Oisf Libhtp 0.5.26 | htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a heap-based buffer over-read via an authorization digest header. | network, low complexity, oisf CWE-125, 7.5 |