Vulnerabilities > Ossec > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-30 | CVE-2020-8447 | Use After Free vulnerability in Ossec In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of syscheck formatted msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted). | 9.8 |
| 2020-01-30 | CVE-2020-8445 | Improper Input Validation vulnerability in Ossec In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. | 9.8 |
| 2020-01-30 | CVE-2020-8444 | Use After Free vulnerability in Ossec In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of ossec-alert formatted msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted). | 9.8 |
| 2020-01-30 | CVE-2020-8443 | Off-by-one Error vulnerability in Ossec In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted). | 9.8 |