Vulnerabilities > Wazuh
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-12 | CVE-2023-42463 | Stack-based Buffer Overflow vulnerability in Wazuh Wazuh is a free and open source platform used for threat prevention, detection, and response. | 7.8 |
| 2023-10-09 | CVE-2023-42455 | Authorization Bypass Through User-Controlled Key vulnerability in Wazuh Wazuh-Dashboard and Wazuh-Kibana-App Wazuh is a security detection, visibility, and compliance open source project. | 8.8 |
| 2022-09-28 | CVE-2022-40497 | Unspecified vulnerability in Wazuh Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint. | 8.8 |
| 2021-11-22 | CVE-2021-44079 | Command Injection vulnerability in Wazuh In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution. | 7.5 |
| 2021-09-29 | CVE-2021-41821 | Integer Underflow (Wrap or Wraparound) vulnerability in Wazuh Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial of service. | 4.0 |
| 2021-03-06 | CVE-2021-26814 | Path Traversal vulnerability in Wazuh Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. | 6.5 |
| 2018-11-29 | CVE-2018-19666 | Path Traversal vulnerability in multiple products The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server. | 7.2 |