Filtered by vendor Wazuh Subscriptions
Filtered by product Wazuh Subscriptions
Total 6 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-42463 1 Wazuh 1 Wazuh 2024-11-21 7.4 High
Wazuh is a free and open source platform used for threat prevention, detection, and response. This bug introduced a stack overflow hazard that could allow a local privilege escalation. This vulnerability was patched in version 4.5.3.
CVE-2022-40497 1 Wazuh 1 Wazuh 2024-11-21 8.8 High
Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint.
CVE-2021-44079 1 Wazuh 1 Wazuh 2024-11-21 9.8 Critical
In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution.
CVE-2021-41821 1 Wazuh 1 Wazuh 2024-11-21 6.5 Medium
Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial of service. A crafted message must be sent from an authenticated agent to the manager.
CVE-2021-26814 1 Wazuh 1 Wazuh 2024-11-21 8.8 High
Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service script.
CVE-2018-19666 3 Microsoft, Ossec, Wazuh 3 Windows, Ossec, Wazuh 2024-11-21 N/A
The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server.