CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Prior to version 7.0.7, rules using datasets with the non-functional / unimplemented "unset" option can trigger an assertion during traffic parsing, leading to denial of service.
• https://github.com/OISF/suricata/security/advisories/GHSA-6r8w-fpw6-cp9g
• https://redmine.openinfosecfoundation.org/issues/7195
• CWE-617: Reachable Assertion

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior.
• https://github.com/OISF/suricata/security/advisories/GHSA-64ww-4f6x-863p
• https://redmine.openinfosecfoundation.org/issues/7209
• CWE-330: Use of Insufficiently Random Values

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to byte-range tracking having predictable hash table behavior. This can lead to an attacker forcing lots of data into a single hash bucket, leading to severe performance degradation.
• https://github.com/OISF/suricata/security/advisories/GHSA-qq5v-qcjx-f872
• https://redmine.openinfosecfoundation.org/issues/7289
• CWE-330: Use of Insufficiently Random Values

CVSS: 7.9 | EPSS: 0% | CPEs: 5 | EXPL: 0

This enables denial of service attacks.
• https://github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq
• https://www.cve.org/CVERecord?id=CVE-2024-8038
• CWE-420: Unprotected Alternate Channel

CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS.
• https://www.schneider-elektronik.de/wp-content/uploads/2024/07/SAR-202405-1.pdf
• CWE-306: Missing Authentication for Critical Function