Vulnerabilities > Wazuh > Wazuh > 4.2.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-12 | CVE-2023-42463 | Stack-based Buffer Overflow vulnerability in Wazuh Wazuh is a free and open source platform used for threat prevention, detection, and response. | 7.8 |
| 2022-09-28 | CVE-2022-40497 | Unspecified vulnerability in Wazuh Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint. | 8.8 |
| 2021-11-22 | CVE-2021-44079 | Command Injection vulnerability in Wazuh In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution. | 7.5 |