
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Apr 2017 — Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC Web UI before 0.9 allows remote attackers to inject arbitrary web script or HTML by leveraging an unanchored regex. • http://jvn.jp/en/jp/JVN58455472/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.0 • EPSS: 0% • CPEs: 4 • EXPL: 2

12 Jun 2015 — syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root. OSSEC versions 2.7 through 2.8.1 suffer from a local root escalation vulnerability. • https://packetstorm.news/files/id/132281 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.8 • EPSS: 9% • CPEs: 1 • EXPL: 5

14 Nov 2014 — host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed. • https://packetstorm.news/files/id/129111 • CWE-264: Permissions, Privileges, and Access Controls