RSS   Podatności dla 'Wazuh'   RSS

2021-11-22
 
CVE-2021-44079

CWE-77
 

 
In the wazuh-slack active response script in Wazuh before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution.

 
2021-03-06
 
CVE-2021-26814

CWE-20
 

 
Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service script.

 
2018-11-29
 
CVE-2018-19666

CWE-22
 

 
The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server.

 


Copyright 2024, cxsecurity.com

 

Back to Top