Vulnerabilities > Ossec > Medium

| Date | CVE | Vulnerability title | Description | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|
| 2020-01-30 | CVE-2020-8448 | NULL Pointer Dereference vulnerability in Ossec | In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a denial of service (NULL pointer dereference) via crafted messages written directly to the analysisd UNIX domain socket by a local user. | ossec | CWE-476 | 5.5 (local, low complexity) |
| 2020-01-30 | CVE-2020-8446 | Path Traversal vulnerability in Ossec | In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to path traversal (with write access) via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user. | ossec | CWE-22 | 5.5 (local, low complexity) |
| 2017-04-20 | CVE-2016-4847 | Cross-site Scripting vulnerability in Ossec web UI 0.3/0.8 | Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC Web UI before 0.9 allows remote attackers to inject arbitrary web script or HTML by leveraging an unanchored regex. | ossec | CWE-79 | 6.1 (network, low complexity) |