Filtered by vendor Wazuh
Subscriptions
Filtered by product Wazuh
Subscriptions
Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-42463 | 1 Wazuh | 1 Wazuh | 2024-11-21 | 7.4 High |
Wazuh is a free and open source platform used for threat prevention, detection, and response. This bug introduced a stack overflow hazard that could allow a local privilege escalation. This vulnerability was patched in version 4.5.3. | ||||
CVE-2022-40497 | 1 Wazuh | 1 Wazuh | 2024-11-21 | 8.8 High |
Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint. | ||||
CVE-2021-44079 | 1 Wazuh | 1 Wazuh | 2024-11-21 | 9.8 Critical |
In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution. | ||||
CVE-2021-41821 | 1 Wazuh | 1 Wazuh | 2024-11-21 | 6.5 Medium |
Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial of service. A crafted message must be sent from an authenticated agent to the manager. | ||||
CVE-2021-26814 | 1 Wazuh | 1 Wazuh | 2024-11-21 | 8.8 High |
Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service script. | ||||
CVE-2018-19666 | 3 Microsoft, Ossec, Wazuh | 3 Windows, Ossec, Wazuh | 2024-11-21 | N/A |
The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server. |
Page 1 of 1.