Wazuh Security Vulnerabilities

CVE-2024-32038

Wazuh is a free and open source platform used for threat prevention, detection, and response. There is a buffer overflow hazard in wazuh-analysisd when handling Unicode characters from Windows Eventchannel messages. It impacts Wazuh Manager 3.8.0 and above. This vulnerability is fixed in Wazuh...

CVE-2023-50260

Wazuh is a free and open source platform used for threat prevention, detection, and response. A wrong validation in the host_deny script allows to write any string in the hosts.deny file, which can end in an arbitrary command execution on the target system. This vulnerability is part of the active....

CVE-2023-49275

Wazuh is a free and open source platform used for threat prevention, detection, and response. A NULL pointer dereference was detected during fuzzing of the analysis engine, allowing malicious clients to DoS the analysis engine. The bug occurs when analysisd receives a syscollector message with the....

CVE-2023-42463

Wazuh is a free and open source platform used for threat prevention, detection, and response. This bug introduced a stack overflow hazard that could allow a local privilege escalation. This vulnerability was patched in version...

CVE-2023-42455

Wazuh is a security detection, visibility, and compliance open source project. In versions 4.4.0 and 4.4.1, it is possible to get the Wazuh API administrator key used by the Dashboard using the browser development tools. This allows a logged user to the dashboard to become administrator of the...

CVE-2022-40497

Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response...