Every CVE whose affected-product data names Suricata-ids Suricata, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2019-10053 — CVSS 9.8 (critical): An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character…
CVE-2019-16411 — CVSS 9.8 (critical): An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function…
CVE-2019-16410 — CVSS 9.1 (critical): An issue was discovered in Suricata 4.1.4. By sending multiple fragmented IPv4 packets, the function Defrag4Reassemble in defrag.c tries to…
CVE-2019-15699 — CVSS 9.1 (critical): An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function…
CVE-2019-10051 — CVSS 7.5 (high): An issue was discovered in Suricata 4.1.3. If the function filetracker_newchunk encounters an unsafe "Some(sfcm) => { ft.new_chunk }" item…
CVE-2019-10052 — CVSS 7.5 (high): An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to access a part of a…
CVE-2018-18956 — CVSS 7.5 (high): The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service…
CVE-2019-10054 — CVSS 7.5 (high): An issue was discovered in Suricata 4.1.3. The function process_reply_record_v3 lacks a check for the length of reply.data. It causes an…
CVE-2019-10055 — CVSS 7.5 (high): An issue was discovered in Suricata 4.1.3. The function ftp_pasv_response lacks a check for the length of part1 and part2, leading to a…
CVE-2019-10056 — CVSS 7.5 (high): An issue was discovered in Suricata 4.1.3. The code mishandles the case of sending a network packet with the right type, such that the…
CVE-2018-14568 — CVSS 7.5 (high): Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients…
CVE-2019-17420 — CVSS 5.3 (medium): In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature…
CVE-2018-6794 — CVSS 5.3 (medium): Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a…
CVE-2016-10728 — CVSS 5.3 (medium): An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client…