Page 52 of 38332 results (0.052 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Prior to version 7.0.7, rules using datasets with the non-functional / unimplemented "unset" option can trigger an assertion during traffic parsing, leading to denial of service. • https://github.com/OISF/suricata/security/advisories/GHSA-6r8w-fpw6-cp9g https://redmine.openinfosecfoundation.org/issues/7195 • CWE-617: Reachable Assertion •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to use excessive time to load, as well as runtime performance issues during traffic handling. This issue has been addressed in 7.0.7. As a workaround, avoid loading datasets from untrusted sources. • https://github.com/OISF/suricata/security/advisories/GHSA-64ww-4f6x-863p https://redmine.openinfosecfoundation.org/issues/7209 • CWE-330: Use of Insufficiently Random Values •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to byte-range tracking having predictable hash table behavior. This can lead to an attacker forcing lots of data into a single hash bucket, leading to severe performance degradation. This issue has been addressed in 7.0.7. Suricata es un sistema de detección de intrusiones, un sistema de prevención de intrusiones y un motor de monitoreo de seguridad de red. • https://github.com/OISF/suricata/security/advisories/GHSA-qq5v-qcjx-f872 https://redmine.openinfosecfoundation.org/issues/7289 • CWE-330: Use of Insufficiently Random Values •

CVSS: 7.9EPSS: 0%CPEs: 5EXPL: 0

This enables denial of service attacks. • https://github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq https://www.cve.org/CVERecord?id=CVE-2024-8038 • CWE-420: Unprotected Alternate Channel •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS. • https://www.schneider-elektronik.de/wp-content/uploads/2024/07/SAR-202405-1.pdf • CWE-306: Missing Authentication for Critical Function •