Vulnerabilities > Ossec > Ossec > 3.2.0

DATE CVE VULNERABILITY TITLE RISK
2020-01-30 CVE-2020-8448 NULL Pointer Dereference vulnerability in Ossec
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a denial of service (NULL pointer dereference) via crafted messages written directly to the analysisd UNIX domain socket by a local user.
local
low complexity
ossec CWE-476
5.5
5.5
2020-01-30 CVE-2020-8447 Use After Free vulnerability in Ossec
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of syscheck formatted msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted).
network
low complexity
ossec CWE-416
critical
 9.8
9.8
2020-01-30 CVE-2020-8446 Path Traversal vulnerability in Ossec
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to path traversal (with write access) via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user.
local
low complexity
ossec CWE-22
5.5
5.5
2020-01-30 CVE-2020-8445 Improper Input Validation vulnerability in Ossec
In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages.
network
low complexity
ossec CWE-20
critical
 9.8
9.8
2020-01-30 CVE-2020-8444 Use After Free vulnerability in Ossec
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of ossec-alert formatted msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted).
network
low complexity
ossec CWE-416
critical
 9.8
9.8
2020-01-30 CVE-2020-8443 Off-by-one Error vulnerability in Ossec
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted).
network
low complexity
ossec CWE-193
critical
 9.8
9.8
2020-01-30 CVE-2020-8442 Out-of-bounds Write vulnerability in Ossec
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client.
network
low complexity
ossec CWE-787
8.8
8.8