
CVE-2018-1000167
https://notcve.org/view.php?id=CVE-2018-1000167
18 Apr 2018 — OISF suricata-update version 1.0.0a1 contains an insecure deserialization vulnerability in the insecure yaml.load function as used in the following files: config.py:136, config.py:142, sources.py:99 and sources.py:131. The "list-sources" command is affected by this bug, which can result in remote code execution (even as root if suricata-update is called by root). This attack appears to be exploitable via a specially crafted YAML file at https://www.openinfosecfoundation.org/rules/index.yaml. This vulnerabilit... • https://redmine.openinfosecfoundation.org/issues/2359 • CWE-502: Deserialization of Untrusted Data

CVE-2015-0928
https://notcve.org/view.php?id=CVE-2015-0928
28 Aug 2017 — libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference). • http://www.securityfocus.com/bid/73117 • CWE-476: NULL Pointer Dereference