Ossec

11 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.

Exploit
  • EPSS 0.28%
  • Published 05.03.2021 18:15:13
  • Last modified 21.11.2024 05:59:01

An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem without restriction, an attacker can trigger a segm...

Exploit
  • EPSS 0.85%
  • Published 30.01.2020 01:15:11
  • Last modified 21.11.2024 05:38:52

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of syscheck formatted msgs (received from authenticated remote agents and delivered to the analys...

Exploit
  • EPSS 0.14%
  • Published 30.01.2020 01:15:11
  • Last modified 21.11.2024 05:38:52

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a denial of service (NULL pointer dereference) via crafted messages written directly to the analysisd UNIX domain socket by a local ...

Exploit
  • EPSS 0.77%
  • Published 30.01.2020 01:15:10
  • Last modified 21.11.2024 05:38:51

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client.

Exploit
  • EPSS 0.76%
  • Published 30.01.2020 01:15:10
  • Last modified 21.11.2024 05:38:51

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs (received from authenticated remote agents and d...

Exploit
  • EPSS 0.85%
  • Published 30.01.2020 01:15:10
  • Last modified 21.11.2024 05:38:52

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of ossec-alert formatted msgs (received from authenticated remote agents and delivered to the ana...

  • EPSS 0.99%
  • Published 30.01.2020 01:15:10
  • Last modified 21.11.2024 05:38:52

In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines (\n) are per...

Exploit
  • EPSS 0.19%
  • Published 30.01.2020 01:15:10
  • Last modified 21.11.2024 05:38:52

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to path traversal (with write access) via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local use...

Exploit
  • EPSS 0.02%
  • Published 29.11.2018 08:29:00
  • Last modified 21.11.2024 03:58:23

The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server.

  • EPSS 0.48%
  • Published 07.09.2017 20:29:00
  • Last modified 20.04.2025 01:37:25

syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root.