| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | TAGS | RISK |
|---|---|---|---|---|---|---|---|
| 2024-01-12 | CVE-2023-42463 | Stack-based Buffer Overflow vulnerability in Wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. | local | low | wazuh, CWE-121 | 7.8 |
| 2022-09-28 | CVE-2022-40497 | Unspecified vulnerability in Wazuh | Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint. | network | low | wazuh | 8.8 |
| 2021-11-22 | CVE-2021-44079 | Command Injection vulnerability in Wazuh | In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution. | network | low | wazuh, CWE-77 | critical, 9.8 |
| 2021-09-29 | CVE-2021-41821 | Integer Underflow (Wrap or Wraparound) vulnerability in Wazuh | Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial of service. | network | low | wazuh, CWE-191 | 6.5 |
| 2021-03-06 | CVE-2021-26814 | Path Traversal vulnerability in Wazuh | Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. | network | low | wazuh, CWE-22 | 8.8 |
| 2018-11-29 | CVE-2018-19666 | Path Traversal vulnerability in multiple products | The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server. | local | low | ossec, wazuh, CWE-22 | 7.8 |