8 results (0.009 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Wazuh is a free and open source platform used for threat prevention, detection, and response. There is a buffer overflow hazard in wazuh-analysisd when handling Unicode characters from Windows Eventchannel messages. It impacts Wazuh Manager 3.8.0 and above. This vulnerability is fixed in Wazuh Manager 4.7.2. Wazuh es una plataforma gratuita y de código abierto que se utiliza para la prevención, detección y respuesta a amenazas. • https://github.com/wazuh/wazuh/security/advisories/GHSA-fcpw-v3pg-c327 • CWE-122: Heap-based Buffer Overflow •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Wazuh is a free and open source platform used for threat prevention, detection, and response. A wrong validation in the `host_deny` script allows to write any string in the `hosts.deny` file, which can end in an arbitrary command execution on the target system. This vulnerability is part of the active response feature, which can automatically triggers actions in response to alerts. By default, active responses are limited to a set of pre defined executables. This is enforced by only allowing executables stored under `/var/ossec/active-response/bin` to be run as an active response. • https://github.com/wazuh/wazuh/security/advisories/GHSA-mjq2-xf8g-68vw • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Wazuh is a free and open source platform used for threat prevention, detection, and response. A NULL pointer dereference was detected during fuzzing of the analysis engine, allowing malicious clients to DoS the analysis engine. The bug occurs when `analysisd` receives a syscollector message with the `hotfix` `msg_type` but lacking a `timestamp`. It uses `cJSON_GetObjectItem()` to get the `timestamp` object item and dereferences it without checking for a `NULL` value. A malicious client can DoS the analysis engine. • https://github.com/wazuh/wazuh/blob/e1d5231b31b68a75f3b8b33f833155b362411078/src/analysisd/decoders/syscollector.c#L1573 https://github.com/wazuh/wazuh/blob/e1d5231b31b68a75f3b8b33f833155b362411078/src/analysisd/decoders/syscollector.c#L1578 https://github.com/wazuh/wazuh/security/advisories/GHSA-4mq7-w9r6-9975 • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Wazuh is a free and open source platform used for threat prevention, detection, and response. This bug introduced a stack overflow hazard that could allow a local privilege escalation. This vulnerability was patched in version 4.5.3. Wazuh es una plataforma gratuita y de código abierto que se utiliza para la prevención, detección y respuesta a amenazas. Este error introdujo peligro por desbordamiento de pila que podría permitir una escalada de privilegios locales. • https://github.com/wazuh/wazuh/security/advisories/GHSA-27p5-32pp-r58r • CWE-121: Stack-based Buffer Overflow •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint. Se ha detectado que Wazuh versiones v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, y v4.3.0 - v4.3.7, contienen una vulnerabilidad de ejecución de código remota (RCE) autenticada por medio del endpoint Active Response • https://github.com/wazuh/wazuh/pull/14801 •