Vulnerabilities > Oisf

DATE CVE VULNERABILITY TITLE RISK
2023-06-19 CVE-2023-35853 Unspecified vulnerability in Oisf Suricata
In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code.
network
low complexity
oisf
critical
9.8
2023-04-06 CVE-2020-19678 Path Traversal vulnerability in multiple products
Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php.
network
low complexity
oisf pfsense CWE-22
7.5
2021-12-16 CVE-2021-45098 An issue was discovered in Suricata before 6.0.4.
network
low complexity
oisf debian
7.5
2021-11-19 CVE-2021-37592 Out-of-bounds Write vulnerability in Oisf Suricata
Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments.
network
low complexity
oisf CWE-787
critical
9.8
2021-07-22 CVE-2021-35063 Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion."
network
low complexity
oisf debian fedoraproject
7.5
2020-01-06 CVE-2019-18625 An issue was discovered in Suricata 5.0.0.
network
low complexity
oisf debian
7.5
2020-01-06 CVE-2019-18792 Interpretation Conflict vulnerability in multiple products
An issue was discovered in Suricata 5.0.0.
network
low complexity
oisf debian CWE-436
critical
9.1
2019-10-10 CVE-2019-17420 Incomplete Cleanup vulnerability in multiple products
In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.
network
low complexity
suricata-ids oisf CWE-459
5.3
2019-07-18 CVE-2019-1010279 Improper Verification of Cryptographic Signature vulnerability in Oisf Suricata
Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass.
network
low complexity
oisf CWE-347
7.5
2019-07-18 CVE-2019-1010251 Improper Input Validation vulnerability in Oisf Suricata
Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass.
network
low complexity
oisf CWE-20
7.5