Filtered by vendor Wazuh Subscriptions
Total 7 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-42463 1 Wazuh 1 Wazuh 2024-11-21 7.4 High
Wazuh is a free and open source platform used for threat prevention, detection, and response. This bug introduced a stack overflow hazard that could allow a local privilege escalation. This vulnerability was patched in version 4.5.3.
CVE-2023-42455 1 Wazuh 2 Wazuh-dashboard, Wazuh-kibana-app 2024-11-21 8.8 High
Wazuh is a security detection, visibility, and compliance open source project. In versions 4.4.0 and 4.4.1, it is possible to get the Wazuh API administrator key used by the Dashboard using the browser development tools. This allows a logged user to the dashboard to become administrator of the API, even if their dashboard role is not. Version 4.4.2 contains a fix. There are no known workarounds.
CVE-2022-40497 1 Wazuh 1 Wazuh 2024-11-21 8.8 High
Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint.
CVE-2021-44079 1 Wazuh 1 Wazuh 2024-11-21 9.8 Critical
In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution.
CVE-2021-41821 1 Wazuh 1 Wazuh 2024-11-21 6.5 Medium
Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial of service. A crafted message must be sent from an authenticated agent to the manager.
CVE-2021-26814 1 Wazuh 1 Wazuh 2024-11-21 8.8 High
Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service script.
CVE-2018-19666 3 Microsoft, Ossec, Wazuh 3 Windows, Ossec, Wazuh 2024-11-21 N/A
The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server.