Filtered by vendor Wazuh
Subscribe
Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-40497 | 1 Wazuh | 1 Wazuh | 2022-09-29 | N/A | 8.8 HIGH |
Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint. | |||||
CVE-2021-26814 | 1 Wazuh | 1 Wazuh | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service script. | |||||
CVE-2021-44079 | 1 Wazuh | 1 Wazuh | 2021-12-14 | 7.5 HIGH | 9.8 CRITICAL |
In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution. | |||||
CVE-2021-41821 | 1 Wazuh | 1 Wazuh | 2021-10-12 | 4.0 MEDIUM | 6.5 MEDIUM |
Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial of service. A crafted message must be sent from an authenticated agent to the manager. | |||||
CVE-2018-19666 | 3 Microsoft, Ossec, Wazuh | 3 Windows, Ossec, Wazuh | 2019-01-04 | 7.2 HIGH | 7.8 HIGH |
The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server. |