CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cisco Sourcefire Snort is a set of network intrusion prevention software and network intrusion detection software from the U.S. company Cisco Cisco the original Snort team. The software provides packet sniffing, packet analysis and packet detection and other functions. A security vulnerability...

7.5CVSS6.7AI score0.00468EPSS

Exploits0References1

CNVD•added 2017/05/18 12:0 a.m.•2 views

Cisco Sourcefire Snort Buffer Overflow Vulnerability

7.5CVSS7.1AI score0.00468EPSS

Exploits0References1

NVD•added 2017/05/16 5:29 p.m.•7 views

CVE-2017-6657

Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Since valid ether type and IP protocol numbers do not overlap, Snort++ stores all protocol decoders in a single array. That makes it possible to craft packets that have IP protocol numbers in the ether type field which...

7.5CVSS7.4AI score0.00468EPSS

Exploits0References3

Cvelist•added 2017/05/16 5:0 p.m.•14 views

CVE-2017-6657

7.4AI score0.00468EPSS

Exploits0References2

OpenVAS•added 2009/12/14 12:0 a.m.•15 views

Mandriva Security Advisory MDVSA-2009:259-1 (snort)

The remote host is missing an update to snort announced via advisory MDVSA-2009:259-1. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

6.8CVSS6.4AI score0.00256EPSS

Exploits1References1

OpenVAS•added 2009/10/13 12:0 a.m.•12 views

Mandrake Security Advisory MDVSA-2009:259 (snort)

The remote host is missing an update to snort announced via advisory MDVSA-2009:259. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

6.8CVSS6.4AI score0.00256EPSS

Exploits1References1

UbuntuCve•added 2008/05/22 1:9 p.m.•27 views

CVE-2008-1804

preprocessors/sppfrag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment...

6.8CVSS5.9AI score0.00256EPSS

Exploits1References1

CVE•added 2008/05/22 10:0 a.m.•57 views

CVE-2008-1804

CVE-2008-1804 targets Sourcefire Snort up to version 2.8.0: the preprocessor spp_frag3.c fails to correctly identify packet fragments with dissimilar TTL values, enabling a remote attacker to bypass detection rules by using different TTLs on each fragment. The issue is tied to Snort’s fragment-ha...

6.8CVSS6.3AI score0.00256EPSS

Exploits1References14Affected Software1

Cvelist•added 2008/05/22 10:0 a.m.•15 views

CVE-2008-1804

6.3AI score0.00256EPSS

Exploits1References14

securityvulns•added 2007/02/20 12:0 a.m.•55 views

US-CERT Technical Cyber Security Alert TA07-050A -- Sourcefire Snort DCE/RPC Preprocessor Buffer Overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-050A Sourcefire Snort DCE/RPC Preprocessor Buffer Overflow Original release date: February 19, 2007 Last revised: -- Source: US-CERT Systems Affected Snort 2.6.1, 2.6.1.1, and 2.6.1.2 Sno...

10CVSS0.5AI score0.8816EPSS

Exploits15

Prion•added 2006/02/22 2:2 a.m.•14 views

Design/Logic Flaw

The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths...

5CVSS7.2AI score0.00392EPSS

Exploits0References4Affected Software1

NVD•added 2006/02/22 2:2 a.m.•17 views

CVE-2006-0839

5CVSS6.7AI score0.00392EPSS

Exploits0References4

UbuntuCve•added 2006/02/22 2:2 a.m.•25 views

CVE-2006-0839

5CVSS5.9AI score0.00392EPSS

Exploits0References1

Cvelist•added 2006/02/22 2:0 a.m.•14 views

CVE-2006-0839