Suricata Security Vulnerabilities and Issues — Suricata CVE List

Lucene search

OisfSuricata

3 matches found

CVE•added 2023/06/19 4:15 a.m.•161 views

CVE-2023-35852

In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-...

7.5CVSS7.3AI score0.00461EPSS

CVE•added 2023/06/19 4:15 a.m.•53 views

CVE-2023-35853

In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.

9.8CVSS9.3AI score0.00551EPSS

CVE•added 2023/04/06 6:15 p.m.•34 views

CVE-2020-19678

Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php.

7.5CVSS7.2AI score0.00227EPSS